From: Eric Covener <covener@apache.org>
Date: Sun, 26 Apr 2026 15:57:15 +0000 (+0000)
Subject: fix ajp_msg_check_header check
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=76dac5d445a36751f4b9f8c3abd8f10b07904528;p=thirdparty%2Fapache%2Fhttpd.git

fix ajp_msg_check_header check


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1933347 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/proxy/ajp_msg.c b/modules/proxy/ajp_msg.c
index e10db7a0a5..349b5d7e08 100644
--- a/modules/proxy/ajp_msg.c
+++ b/modules/proxy/ajp_msg.c
@@ -166,11 +166,11 @@ apr_status_t ajp_msg_check_header(ajp_msg_t *msg, apr_size_t *len)
     msglen  = ((head[2] & 0xff) << 8);
     msglen += (head[3] & 0xFF);
 
-    if (msglen > msg->max_size) {
+    if (msglen > (msg->max_size - AJP_HEADER_LEN)) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, APLOGNO(01081)
                      "ajp_msg_check_header() incoming message is "
                      "too big %" APR_SIZE_T_FMT ", max is %" APR_SIZE_T_FMT,
-                     msglen, msg->max_size);
+                     msglen, msg->max_size - AJP_HEADER_LEN);
         return AJP_ETOBIG;
     }