diff --git a/rhizome.h b/rhizome.h
index 13ad483d..2e410b39 100644
--- a/rhizome.h
+++ b/rhizome.h
@@ -484,7 +484,7 @@ rhizome_direct_sync_request
 int rhizome_direct_continue_sync_request(rhizome_direct_sync_request *r);
 int rhizome_direct_conclude_sync_request(rhizome_direct_sync_request *r);
 rhizome_direct_bundle_cursor *rhizome_direct_get_fill_response
-(unsigned char *buffer,int size);
+(unsigned char *buffer,int size,int max_response_bytes);
 
 typedef struct rhizome_direct_transport_state_http {
   int port;
diff --git a/rhizome_direct.c b/rhizome_direct.c
index 66975a57..e433353f 100644
--- a/rhizome_direct.c
+++ b/rhizome_direct.c
@@ -266,16 +266,18 @@ int rhizome_direct_conclude_sync_request(rhizome_direct_sync_request *r)
 */
 
 rhizome_direct_bundle_cursor *rhizome_direct_get_fill_response
-(unsigned char *buffer,int size)
+(unsigned char *buffer,int size, int max_response_bytes)
 {
   if (size<10) return NULL;
   if (size>65536) return NULL;
+  if (max_response_bytes<10) return NULL;
+  if (max_response_bytes>1048576) return NULL;
 
   int them_count=(size-10)/RHIZOME_BAR_BYTES;
 
-  unsigned char usbuffer[size];
+  unsigned char usbuffer[max_response_bytes];
 
-  rhizome_direct_bundle_cursor *c=rhizome_direct_bundle_iterator(size);
+  rhizome_direct_bundle_cursor *c=rhizome_direct_bundle_iterator(max_response_bytes);
   assert(c!=NULL);
   if (rhizome_direct_bundle_iterator_unpickle_range(c,buffer,10))
     {
@@ -285,6 +287,7 @@ rhizome_direct_bundle_cursor *rhizome_direct_get_fill_response
     }
   DEBUGF("unpickled size_high=%lld, limit_size_high=%lld",
 	 c->size_high,c->limit_size_high);
+  DEBUGF("c->buffer_size=%d",c->buffer_size);
 
   /* Get our list of BARs for the same cursor range */
   int us_count=rhizome_direct_bundle_iterator_fill(c,-1);
@@ -530,7 +533,11 @@ int rhizome_direct_bundle_iterator_fill(rhizome_direct_bundle_cursor *c,int max_
   c->buffer_offset_bytes=1+4+1+4; /* space for pickled cursor range */
 
   /* -1 is magic value for fill right up */
-  if (max_bars==-1) max_bars=c->buffer_size/RHIZOME_BAR_BYTES;
+  if (max_bars==-1) 
+    max_bars=(c->buffer_size-c->buffer_offset_bytes)/RHIZOME_BAR_BYTES;
+
+  DEBUGF("Iterating cursor size high %lld..%lld, max_bars=%d",
+	 c->size_high,c->limit_size_high,max_bars);
 
   while (bundles_stuffed<max_bars&&c->size_high<=c->limit_size_high) 
     {
diff --git a/rhizome_direct_http.c b/rhizome_direct_http.c
index becc9fd9..9e1dd97b 100644
--- a/rhizome_direct_http.c
+++ b/rhizome_direct_http.c
@@ -112,7 +112,10 @@ int rhizome_direct_form_received(rhizome_http_request *r)
 	rhizome_direct_clear_temporary_files(r);	     
 	return rhizome_server_simple_http_response(r,500,"Couldn't mmap() a file");
       }
-      rhizome_direct_bundle_cursor *c=rhizome_direct_get_fill_response(addr,stat.st_size);
+      /* Ask for a fill response.  Regardless of the size of the set of BARs passed
+	 to us, we will allow up to 64KB of response. */
+      rhizome_direct_bundle_cursor 
+	*c=rhizome_direct_get_fill_response(addr,stat.st_size,65536);
       munmap(addr,stat.st_size);
       close(fd);