2 files changed, 6 insertions, 2 deletions

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 278e1af3eaa..8439d84e37d 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -408,6 +408,7 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
 	p->allow_bind = true;
 	p->max_recv_frag = 5840;
 	p->max_xmit_frag = 5840;
+	p->max_total_request_size = DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE;
 
 	*_p = p;
 	return NT_STATUS_OK;
@@ -1532,7 +1533,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
 		/*
 		 * Up to 4 MByte are allowed by all fragments
 		 */
-		available = DCERPC_NCACN_PAYLOAD_MAX_SIZE;
+		available = dce_conn->max_total_request_size;
 		if (er->stub_and_verifier.length > available) {
 			dcesrv_call_disconnect_after(existing,
 				"dcesrv_auth_request - existing payload too large");
@@ -1585,7 +1586,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
 		/*
 		 * Up to 4 MByte are allowed by all fragments
 		 */
-		if (call->pkt.u.request.alloc_hint > DCERPC_NCACN_PAYLOAD_MAX_SIZE) {
+		if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) {
 			dcesrv_call_disconnect_after(call,
 				"dcesrv_auth_request - initial alloc hint too large");
 			return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index 15b25ea8fda..72cb1bb1222 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -273,6 +273,9 @@ struct dcesrv_connection {
 
 	/* the association group the connection belongs to */
 	struct dcesrv_assoc_group *assoc_group;
+
+	/* The maximum total payload of reassembled request pdus */
+	size_t max_total_request_size;
 };