diff --git a/core/src/main/java/com/threerings/getdown/tools/Patcher.java b/core/src/main/java/com/threerings/getdown/tools/Patcher.java
index 5c8baaaa..cad69314 100644
--- a/core/src/main/java/com/threerings/getdown/tools/Patcher.java
+++ b/core/src/main/java/com/threerings/getdown/tools/Patcher.java
@@ -125,6 +125,9 @@ protected void patchFile (ZipFile file, ZipEntry entry, File appdir, String path
     {
         File target = new File(appdir, path);
         File patch = new File(appdir, entry.getName());
+        if (!patch.toPath().normalize().startsWith(appdir.toPath().normalize())) {
+            throw new RuntimeException("Bad zip entry");
+        }
         File otarget = new File(appdir, path + ".old");
         JarDiffPatcher patcher = null;
 
diff --git a/core/src/main/java/com/threerings/getdown/util/FileUtil.java b/core/src/main/java/com/threerings/getdown/util/FileUtil.java
index f7c67ef1..8f75b7c7 100644
--- a/core/src/main/java/com/threerings/getdown/util/FileUtil.java
+++ b/core/src/main/java/com/threerings/getdown/util/FileUtil.java
@@ -136,6 +136,9 @@ public static void unpackJar (ZipFile jar, File target, boolean cleanExistingDir
         while (entries.hasMoreElements()) {
             ZipEntry entry = entries.nextElement();
             File efile = new File(target, entry.getName());
+            if (!efile.toPath().normalize().startsWith(target.toPath().normalize())) {
+                throw new IOException("Bad zip entry");
+            }
 
             // if we're unpacking a normal jar file, it will have special path
             // entries that allow us to create our directories first