--- rpmunpack.orig	2003-01-15 16:01:41.000000000 +0100
+++ rpmunpack.c	2003-01-15 16:14:55.000000000 +0100
@@ -58,9 +58,10 @@
 /*
  * Main program
  */
-void main(int argc, char **argv)
+int main(int argc, char **argv)
 {
   int len, status = 0;
+  char *x;
 
   /* Get our own program name */
   if ((progname = strrchr(argv[0], '/')) == NULL)
@@ -94,6 +95,13 @@
 
   /* Open output file */
   strcat(buffer, ".cpio.gz");
+
+  /* check for directory traversal stuff */
+  while ( (x = strchr( buffer, 47 )) != NULL ){
+	*x = 95;
+	/* replace the / with a _ */
+  }  
+
   if (infile == STDIN_FILENO)
 	outfile = STDOUT_FILENO;
   else if ((outfile = open(buffer, O_WRONLY | O_CREAT | O_TRUNC, 0644)) < 0) {
@@ -111,7 +119,7 @@
    * never appears before offset 0x200, so we skip these first couple of
    * bytes to make the signature scan a little more reliable.
    */
-  myread(0x200 - 74);
+  myread( (int) 0x200 - 74);
   while (status < 2) {
 	myread(1);
 	if (status == 0 && buffer[0] == GZ_MAGIC_1)

.