diff --git a/src/Makefile.am b/src/Makefile.am
index 72d60014..a8d7b974 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -84,7 +84,7 @@ ocserv_SOURCES = main.c main-auth.c worker-vpn.c worker-auth.c tlslib.c \
 	worker-bandwidth.c worker-bandwidth.h ctl.h main-ctl.h \
 	vasprintf.c vasprintf.h cfg.h \
 	proc-search.c proc-search.h http-heads.h \
-	main-ban.c main-ban.h \
+	main-ban.c main-ban.h common-config.h \
 	str.c str.h gettime.h $(CCAN_SOURCES) $(HTTP_PARSER_SOURCES) \
 	$(PROTOBUF_SOURCES) sec-mod-acct.h
 
diff --git a/src/common-config.h b/src/common-config.h
new file mode 100644
index 00000000..fad4634a
--- /dev/null
+++ b/src/common-config.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of ocserv.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ */
+#ifndef COMMON_CONFIG_H
+# define COMMON_CONFIG_H
+
+#include <vpn.h>
+
+int add_multi_line_val(void *pool, const char *name, char ***s_name, size_t *num,
+	 	       tOptionValue const *pov,
+		       const tOptionValue *val);
+
+#endif
diff --git a/src/config.c b/src/config.c
index ba33ea10..c38362dd 100644
--- a/src/config.c
+++ b/src/config.c
@@ -51,6 +51,7 @@
 #include <ctl.h>
 #include <tlslib.h>
 #include "cfg.h"
+#include "common-config.h"
 
 #define OLD_DEFAULT_CFG_FILE "/etc/ocserv.conf"
 #define DEFAULT_CFG_FILE "/etc/ocserv/ocserv.conf"
@@ -190,23 +191,10 @@ unsigned j;
 #define READ_MULTI_LINE(name, s_name, num) { \
 	val = get_option(name, &mand); \
 	if (val != NULL && val->valType == OPARG_TYPE_STRING) { \
-		if (s_name == NULL) { \
-			num = 0; \
-			s_name = talloc_size(config, sizeof(char*)*MAX_CONFIG_ENTRIES); \
-			if (s_name == NULL) { \
-				fprintf(stderr, "memory error\n"); \
-				exit(1); \
-			} \
+		if (add_multi_line_val(config, name, &s_name, &num, pov, val) < 0) { \
+			fprintf(stderr, "memory error\n"); \
+			exit(1); \
 		} \
-		do { \
-		        if (val && strcmp(val->pzName, name)!=0) \
-				continue; \
-		        s_name[num] = talloc_strdup(s_name, val->v.strVal); \
-		        num++; \
-		        if (num>=MAX_CONFIG_ENTRIES) \
-		        break; \
-	      } while((val = optionNextValue(pov, val)) != NULL); \
-	      s_name[num] = NULL; \
 	} else if (mand != 0) { \
 		fprintf(stderr, "Configuration option %s is mandatory.\n", name); \
 		exit(1); \
@@ -217,8 +205,8 @@ unsigned j;
 	if (val != NULL && val->valType == OPARG_TYPE_STRING) { \
 		if (s_name == NULL || s_name2 == NULL) { \
 			num = 0; \
-			s_name = talloc_size(config, sizeof(char*)*MAX_CONFIG_ENTRIES); \
-			s_name2 = talloc_size(config, sizeof(char*)*MAX_CONFIG_ENTRIES); \
+			s_name = talloc_size(config, sizeof(char*)*DEFAULT_CONFIG_ENTRIES); \
+			s_name2 = talloc_size(config, sizeof(char*)*DEFAULT_CONFIG_ENTRIES); \
 			if (s_name == NULL || s_name2 == NULL) { \
 				fprintf(stderr, "memory error\n"); \
 				exit(1); \
@@ -232,7 +220,7 @@ unsigned j;
 		        xp = strchr(s_name[num], '['); if (xp != NULL) *xp = 0; \
 		        s_name2[num] = get_brackets_string1(config, val->v.strVal); \
 		        num++; \
-		        if (num>=MAX_CONFIG_ENTRIES) \
+		        if (num>=DEFAULT_CONFIG_ENTRIES) \
 		        break; \
 	      } while((val = optionNextValue(pov, val)) != NULL); \
 	      s_name[num] = NULL; \
@@ -581,7 +569,7 @@ tOptionValue const * pov;
 const tOptionValue* val, *prev;
 unsigned j, i, mand;
 char** auth = NULL;
-unsigned auth_size = 0;
+size_t auth_size = 0;
 unsigned prefix = 0, auto_select_group = 0;
 unsigned prefix4 = 0;
 char *tmp;
@@ -589,7 +577,7 @@ unsigned force_cert_auth;
 struct cfg_st *config = perm_config->config;
 #ifdef HAVE_GSSAPI
 char **urlfw = NULL;
-unsigned urlfw_size = 0;
+size_t urlfw_size = 0;
 #endif
 
 	pov = configFileLoad(file);
@@ -1210,3 +1198,36 @@ void remove_pid_file(void)
 
 	remove(pid_file);
 }
+
+int add_multi_line_val(void *pool, const char *name, char ***s_name, size_t *num,
+		       tOptionValue const *pov,
+		       const tOptionValue *val)
+{
+	unsigned _max = DEFAULT_CONFIG_ENTRIES;
+	void *tmp;
+
+	if (*s_name == NULL) {
+		*num = 0;
+		*s_name = talloc_array(pool, char*, _max);
+		if (*s_name == NULL)
+			return -1;
+	}
+
+	do {
+	        if (val && strcmp(val->pzName, name)!=0)
+			continue;
+
+	        if (*num >= _max-1) {
+	        	_max += 128;
+	        	tmp = talloc_realloc(pool, *s_name, char*, _max);
+			if (tmp == NULL)
+				return -1;
+			*s_name = tmp;
+	        }
+
+	        (*s_name)[*num] = talloc_strdup(*s_name, val->v.strVal);
+	        (*num)++;
+      } while((val = optionNextValue(pov, val)) != NULL);
+      (*s_name)[*num] = NULL;
+      return 0;
+}
diff --git a/src/sup-config/file.c b/src/sup-config/file.c
index 1fd6e300..7147a8a7 100644
--- a/src/sup-config/file.c
+++ b/src/sup-config/file.c
@@ -34,6 +34,7 @@
 
 #include <vpn.h>
 #include <main.h>
+#include <common-config.h>
 #include <sec-mod-sup-config.h>
 
 struct cfg_options {
@@ -71,19 +72,7 @@ static struct cfg_options available_options[] = {
 #define READ_RAW_MULTI_LINE(name, s_name, num) { \
 	val = optionGetValue(pov, name); \
 	if (val != NULL && val->valType == OPARG_TYPE_STRING) { \
-		if (s_name == NULL) { \
-			num = 0; \
-			s_name = talloc_size(pool, sizeof(char*)*MAX_CONFIG_ENTRIES); \
-		} \
-		do { \
-		        if (num >= MAX_CONFIG_ENTRIES) \
-			        break; \
-		        if (val && strcmp(val->pzName, name)!=0) \
-				continue; \
-		        s_name[num] = talloc_strdup(pool, val->v.strVal); \
-		        num++; \
-	      } while((val = optionNextValue(pov, val)) != NULL); \
-	      s_name[num] = NULL; \
+		add_multi_line_val(pool, name, &s_name, &num, pov, val); \
 	}}
 
 #define READ_RAW_STRING(name, s_name) { \
diff --git a/src/vpn.h b/src/vpn.h
index cc029da4..67ae8c9f 100644
--- a/src/vpn.h
+++ b/src/vpn.h
@@ -183,21 +183,21 @@ typedef enum {
 struct group_cfg_st {
 	/* routes to be forwarded to the client */
 	char **routes;
-	unsigned int routes_size;
+	size_t routes_size;
 
 	/* routes that are excluded */
 	char **no_routes;
-	unsigned int no_routes_size;
+	size_t no_routes_size;
 
 	/* routes to be applied to the server */
 	char **iroutes;
-	unsigned int iroutes_size;
+	size_t iroutes_size;
 
 	char **dns;
-	unsigned int dns_size;
+	size_t dns_size;
 
 	char **nbns;
-	unsigned int nbns_size;
+	size_t nbns_size;
 
 	char *ipv4_network;
 	char *ipv6_network;
@@ -238,17 +238,17 @@ struct vpn_st {
 	unsigned int mtu;
 
 	char **routes;
-	unsigned int routes_size;
+	size_t routes_size;
 
 	/* excluded routes */
 	char **no_routes;
-	unsigned int no_routes_size;
+	size_t no_routes_size;
 
 	char **dns;
-	unsigned int dns_size;
+	size_t dns_size;
 
 	char **nbns;
-	unsigned int nbns_size;
+	size_t nbns_size;
 };
 
 #define MAX_AUTH_METHODS 4
@@ -294,9 +294,9 @@ struct cfg_st {
 	char *pin_file;
 	char *srk_pin_file;
 	char **cert;
-	unsigned cert_size;
+	size_t cert_size;
 	char **key;
-	unsigned key_size;
+	size_t key_size;
 
 	char *ca;
 	char *crl;
@@ -322,10 +322,10 @@ struct cfg_st {
 	char *default_select_group;
 
 	char **custom_header;
-	unsigned custom_header_size;;
+	size_t custom_header_size;;
 
 	char **split_dns;
-	unsigned split_dns_size;;
+	size_t split_dns_size;;
 
 
 	unsigned deny_roaming; /* whether a cookie is restricted to a single IP */
@@ -438,7 +438,7 @@ struct main_server_st;
 #define MAX_GROUPNAME_SIZE MAX_USERNAME_SIZE
 #define MAX_SESSION_DATA_SIZE (4*1024)
 
-#define MAX_CONFIG_ENTRIES 96
+#define DEFAULT_CONFIG_ENTRIES 96
 
 #include <tun.h>