--- a/rcp/rcp.c
+++ b/rcp/rcp.c
@@ -716,6 +716,11 @@
 			size = size * 10 + (*cp++ - '0');
 		if (*cp++ != ' ')
 			SCREWUP("size not delimited");
+		if (*cp == '\0' || strchr(cp, '/') != NULL ||
+		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+			error("error: unexpected filename: %s", cp);
+			exit(1);
+		}
 		if (targisdir) {
 			static char *namebuf;
 			static int cursize;
@@ -735,6 +739,8 @@
 			np = targ;
 		exists = stat(np, &stb) == 0;
 		if (buf[0] == 'D') {
+			if (!iamrecursive)
+				SCREWUP("received directory without -r");
 			if (exists) {
 				if ((stb.st_mode&S_IFMT) != S_IFDIR) {
 					errno = ENOTDIR;