--- lha-114i/src/lhadd.c
+++ lha-114i/src/lhadd.c
@@ -35,6 +35,8 @@ add_one(fp, nafp, hdr)
 	if ((hdr->unix_mode & UNIX_FILE_SYMLINK) == UNIX_FILE_SYMLINK) {
 		char            buf[256], *b1, *b2;
 		if (!quiet) {
+			/* make sure we use a zero-terminated buffer */
+			hdr->name[255] = 0;
 			strcpy(buf, hdr->name);
 			b1 = strtok(buf, "|");
 			b2 = strtok(NULL, "|");
@@ -211,8 +213,11 @@ find_update_files(oafp)
 				add_sp(&sp, hdr.name, strlen(hdr.name) + 1);
 		}
 		else if ((hdr.unix_mode & UNIX_FILE_TYPEMASK) == UNIX_FILE_DIRECTORY) {
+			/* make sure we use a zero-terminated buffer */
+			hdr.name[sizeof(hdr.name)-1] = 0;
 			strcpy(name, hdr.name);
 			len = strlen(name);
+			/* XXX thomas: what about multiple '/' or about ".." */
 			if (len > 0 && name[len - 1] == '/')
 				name[--len] = '\0';	/* strip tail '/' */
 			if (stat(name, &stbuf) >= 0)	/* exist ? */
@@ -237,17 +242,21 @@ delete(oafp, nafp)
 
 	old_header_pos = ftell(oafp);
 	while (get_header(oafp, &ahdr)) {
+		/* make sure we use a zero-terminated buffer */
+		ahdr.name[sizeof(ahdr.name)-1] = 0;
 		strcpy(lpath, ahdr.name);
 		b1 = strtok(lpath, "|");
 		b2 = strtok(NULL, "|");
 		if (need_file(b1)) {	/* skip */
 			fseek(oafp, ahdr.packed_size, SEEK_CUR);
 			if (noexec || !quiet)
+			{
 				if (b2 != NULL)
 					printf("delete %s -> %s\n", b1, b2);
 				else
 					printf("delete %s\n", b1);
 		}
+		}
 		else {		/* copy */
 			if (noexec) {
 				fseek(oafp, ahdr.packed_size, SEEK_CUR);
@@ -276,7 +285,7 @@ build_temporary_file()
 	signal(SIGHUP, interrupt);
 
 	old_umask = umask(077);
-	afp = xfopen(temporary_name, WRITE_BINARY);
+	afp = xfopen(temporary_name, "!" WRITE_BINARY);
 	remove_temporary_at_error = TRUE;
 	temporary_fp = afp;
 	umask(old_umask);
--- lha-114i/src/lharc.c
+++ lha-114i/src/lharc.c
@@ -1005,10 +1005,18 @@ FILE           *
 xfopen(name, mode)
 	char           *name, *mode;
 {
-	FILE           *fp;
+	FILE           *fp = NULL;
+
+	if (mode[0] == '!') {
+		int	fd;
 
+		fd = open(name, O_RDWR|O_CREAT|O_EXCL, 0600);
+		if (fd < 0 || (fp = fdopen(fd, mode + 1)) == NULL)
+			fatal_error(name);
+	} else {
 	if ((fp = fopen(name, mode)) == NULL)
 		fatal_error(name);
+	}
 
 	return fp;
 }
--- lha-114i/src/lhext.c
+++ lha-114i/src/lhext.c
@@ -360,7 +360,6 @@ extract_one(afp, hdr)
 				}
 
 				unlink(bb1);
-				make_parent_path(bb1);
 				l_code = symlink(bb2, bb1);
 				if (l_code < 0) {
 					if (quiet != TRUE)