diff --git a/patches/small_records.patch b/patches/small_records.patch
index f5f2286319..a2ea51ca48 100644
--- a/patches/small_records.patch
+++ b/patches/small_records.patch
@@ -157,7 +157,7 @@
 +		/* If we receive a valid record larger than the current buffer size,
 +		 * allocate some memory for it.
 +		 */
-+		if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
++		if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH - align)
 +			{
 +			if ((p=OPENSSL_realloc(s->s3->rbuf.buf, rr->length + SSL3_RT_HEADER_LENGTH + align))==NULL)
 +				{
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 51f21e0f01..c9ef2cd371 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -359,7 +359,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
 		/* If we receive a valid record larger than the current buffer size,
 		 * allocate some memory for it.
 		 */
-		if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
+		if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH - align)
 			{
 			if ((p=OPENSSL_realloc(s->s3->rbuf.buf, rr->length + SSL3_RT_HEADER_LENGTH + align))==NULL)
 				{