diff --git a/src/rcp.c b/src/rcp.c
index f1a12f04..0ab035f8 100644
--- a/src/rcp.c
+++ b/src/rcp.c
@@ -986,6 +986,11 @@ sink (int argc, char *argv[])
 	size = size * 10 + (*cp++ - '0');
       if (*cp++ != ' ')
 	SCREWUP ("size not delimited");
+	if (*cp == '\0' || strchr(cp, '/') != NULL ||
+	    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+		fprintf(stderr,"error: unexpected filename: %s", cp);
+		exit(1);
+	}
       if (targisdir)
 	{
 	  static char *namebuf = NULL;