2 files changed, 7 insertions, 0 deletions

diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index d7fa5e5..566700b 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -31,6 +31,7 @@
 #include "libssh/crypto.h"
 
 #define MAX_PUBKEY_SIZE 0x100000 /* 1M */
+#define MAX_PRIVKEY_SIZE 0x400000 /* 4M */
 
 #define SSH_KEY_FLAG_EMPTY   0x0
 #define SSH_KEY_FLAG_PUBLIC  0x0001
diff --git a/src/pki.c b/src/pki.c
index e08ed4d..a3616c2 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -442,6 +442,12 @@ int ssh_pki_import_privkey_file(const char *filename,
         return SSH_ERROR;
     }
 
+    if (sb.st_size > MAX_PRIVKEY_SIZE) {
+        ssh_pki_log("Private key is bigger than 4M.");
+        fclose(file);
+        return SSH_ERROR;
+    }
+
     key_buf = malloc(sb.st_size + 1);
     if (key_buf == NULL) {
         fclose(file);