Personally, I'd just set $CGI::POST_MAX, to reject big requests. In fact, you could probably set $CGI::POST_MAX to something a bit higher than the maximum file size (to allow for some additional data, like filename and other user input) and then check the file size after the upload succeeds.

From the docs:

       $CGI::POST_MAX
           If set to a non-negative integer, this variable puts a ceil
+ing on
           the size of POSTings, in bytes.  If CGI.pm detects a POST t
+hat is
           greater than the ceiling, it will immediately exit with an 
+error
           message.  This value will affect both ordinary POSTs and mu
+ltipart
           POSTs, meaning that it limits the maximum size of file uplo
+ads as
           well.  You should set this to a reasonably high value, such
+ as 1
           megabyte.
[download]

Make sure you set it at the top of your script (before using any CGI.pm functions)

Joost