+ /*
+ * Up to 4 MByte are allowed by all fragments
+ */
+ available = DCERPC_NCACN_PAYLOAD_MAX_SIZE;
+ if (call->pkt.u.request.stub_and_verifier.length > available) {
+ dcesrv_call_disconnect_after(call,
+ "dcesrv_auth_request - current payload too large");
+ return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
+ }
+ available -= call->pkt.u.request.stub_and_verifier.length;
+ if (call2->pkt.u.request.alloc_hint > available) {
+ dcesrv_call_disconnect_after(call,
+ "dcesrv_auth_request - alloc hint too large");
+ return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
+ }
+ if (call2->pkt.u.request.stub_and_verifier.length > available) {
+ dcesrv_call_disconnect_after(call,
+ "dcesrv_auth_request - new payload too large");
+ return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
+ }
+ alloc_hint = call->pkt.u.request.stub_and_verifier.length +
+ call2->pkt.u.request.alloc_hint;
+ /* allocate at least 1 byte */
+ alloc_hint = MAX(alloc_hint, 1);