diff --git a/CHANGES b/CHANGES
index 8ae782e1f..2cea42b00 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.6b and 0.9.6c  [XX xxx XXXX]
 
+  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
+     correctly.
+     [Bodo Moeller]
+
   *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
      client receives HelloRequest while in a handshake.
      [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index f1f9c6ce7..3f09b8bc1 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -436,6 +436,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 	/* next state (stn) */
 	p=(unsigned char *)s->init_buf->data;
 	n=s->s3->tmp.message_size;
+	n -= s->init_num;
 	while (n > 0)
 		{
 		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);