diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index f0f187f56cd6..003247a12e89 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -48,6 +48,7 @@
 #include <sys/ktrace.h>
 #include <sys/malloc.h>
 #include <sys/syslog.h>
+#include <sys/sysent.h>
 
 static MALLOC_DEFINE(M_KTRACE, "KTRACE", "KTRACE");
 
@@ -359,6 +360,8 @@ utrace(curp, uap)
 
 	if (!KTRPOINT(p, KTR_USER))
 		return (0);
+	if (SCARG(uap, len) > KTR_USER_MAXLEN)
+		return (EINVAL);
 	p->p_traceflag |= KTRFAC_ACTIVE;
 	kth = ktrgetheader(KTR_USER);
 	MALLOC(cp, caddr_t, uap->len, M_KTRACE, M_WAITOK);
diff --git a/sys/sys/ktrace.h b/sys/sys/ktrace.h
index 7c84690e0f2f..2ca616b92838 100644
--- a/sys/sys/ktrace.h
+++ b/sys/sys/ktrace.h
@@ -136,6 +136,7 @@ struct ktr_csw {
 /*
  * KTR_USER - data comming from userland
  */
+#define KTR_USER_MAXLEN	2048	/* maximum length of passed data */
 #define KTR_USER	7
 
 /*