pki: Fix integer overflow in ssh_pki_import_privkey_file().

If the file size is ULONG_MAX, the call to malloc() may allocate a
small buffer, leading to a memory corruption.

src/pki.c

@@ -457,6 +457,7 @@ int ssh_pki_import_privkey_file(const char *filename,
                     filename, strerror(errno));
         return SSH_ERROR;
     }
+    key_buf[size] = 0;
 
     key = pki_private_key_from_base64(key_buf, passphrase, auth_fn, auth_data);
     SAFE_FREE(key_buf);
@@ -815,6 +816,10 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
         return SSH_ERROR;
     }
 
+    if (sb.st_size + 1 < sb.st_size) {
+        return SSH_ERROR;
+    }
+
     file = fopen(filename, "r");
     if (file == NULL) {
         ssh_pki_log("Error opening %s: %s",