diff -Nupr a/squashfs-tools/Makefile b/squashfs-tools/Makefile
--- a/squashfs-tools/Makefile	2021-10-08 12:02:28.881477426 -0500
+++ b/squashfs-tools/Makefile	2021-10-08 11:47:05.503307841 -0500
@@ -117,7 +117,7 @@ MKSQUASHFS_OBJS = mksquashfs.o read_fs.o
 	caches-queues-lists.o
 
 UNSQUASHFS_OBJS = unsquashfs.o unsquash-1.o unsquash-2.o unsquash-3.o \
-	unsquash-4.o swap.o compressor.o unsquashfs_info.o
+	unsquash-4.o unsquash-1234.o swap.o compressor.o unsquashfs_info.o
 
 CFLAGS ?= -O2
 CFLAGS += $(EXTRA_CFLAGS) $(INCLUDEDIR) -D_FILE_OFFSET_BITS=64 \
@@ -292,6 +292,8 @@ unsquash-3.o: unsquashfs.h unsquash-3.c
 unsquash-4.o: unsquashfs.h unsquash-4.c squashfs_fs.h squashfs_swap.h \
 	read_fs.h
 
+unsquash-1234.o: unsquash-1234.c
+
 unsquashfs_xattr.o: unsquashfs_xattr.c unsquashfs.h squashfs_fs.h xattr.h
 
 unsquashfs_info.o: unsquashfs.h squashfs_fs.h
diff -Nupr a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
--- a/squashfs-tools/unsquash-1234.c	1969-12-31 18:00:00.000000000 -0600
+++ b/squashfs-tools/unsquash-1234.c	2021-10-08 11:49:06.032243697 -0500
@@ -0,0 +1,58 @@
+/*
+ * Unsquash a squashfs filesystem.  This is a highly compressed read only
+ * filesystem.
+ *
+ * Copyright (c) 2021
+ * Phillip Lougher <phillip@squashfs.org.uk>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2,
+ * or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * unsquash-1234.c
+ *
+ * Helper functions used by unsquash-1, unsquash-2, unsquash-3 and
+ * unsquash-4.
+ */
+
+#define TRUE 1
+#define FALSE 0
+/*
+ * Check name for validity, name should not
+ *  - be ".", "./", or
+ *  - be "..", "../" or
+ *  - have a "/" anywhere in the name, or
+ *  - be shorter than the expected size
+ */
+int check_name(char *name, int size)
+{
+	char *start = name;
+
+	if(name[0] == '.') {
+		if(name[1] == '.')
+			name++;
+		if(name[1] == '/' || name[1] == '\0')
+			return FALSE;
+	}
+
+	while(name[0] != '/' && name[0] != '\0')
+		name ++;
+
+	if(name[0] == '/')
+		return FALSE;
+
+	if((name - start) != size)
+		return FALSE;
+
+	return TRUE;
+}
diff -Nupr a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
--- a/squashfs-tools/unsquash-1.c	2014-03-08 23:31:59.000000000 -0600
+++ b/squashfs-tools/unsquash-1.c	2021-10-08 11:51:18.827274779 -0500
@@ -2,7 +2,7 @@
  * Unsquash a squashfs filesystem.  This is a highly compressed read only
  * filesystem.
  *
- * Copyright (c) 2009, 2010, 2011, 2012
+ * Copyright (c) 2009, 2010, 2011, 2012, 2021
  * Phillip Lougher <phillip@squashfs.org.uk>
  *
  * This program is free software; you can redistribute it and/or
@@ -285,6 +285,13 @@ struct dir *squashfs_opendir_1(unsigned
 			memcpy(dire->name, directory_table + bytes,
 				dire->size + 1);
 			dire->name[dire->size + 1] = '\0';
+
+			/* check name for invalid characters (i.e /, ., ..) */
+			if(check_name(dire->name, dire->size + 1) == FALSE) {
+				ERROR("File system corrupted: invalid characters in name\n");
+				goto corrupted;
+			}
+
 			TRACE("squashfs_opendir: directory entry %s, inode "
 				"%d:%d, type %d\n", dire->name,
 				dirh.start_block, dire->offset, dire->type);
diff -Nupr a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
--- a/squashfs-tools/unsquash-3.c	2014-03-08 23:31:59.000000000 -0600
+++ b/squashfs-tools/unsquash-3.c	2021-10-08 11:56:30.881697731 -0500
@@ -2,7 +2,7 @@
  * Unsquash a squashfs filesystem.  This is a highly compressed read only
  * filesystem.
  *
- * Copyright (c) 2009, 2010, 2011, 2012, 2013
+ * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2021
  * Phillip Lougher <phillip@squashfs.org.uk>
  *
  * This program is free software; you can redistribute it and/or
@@ -363,6 +363,13 @@ struct dir *squashfs_opendir_3(unsigned
 			memcpy(dire->name, directory_table + bytes,
 				dire->size + 1);
 			dire->name[dire->size + 1] = '\0';
+
+			/* check name for invalid characters (i.e /, ., ..) */
+			if(check_name(dire->name, dire->size + 1) == FALSE) {
+				ERROR("File system corrupted: invalid characters in name\n");
+				goto corrupted;
+			}
+			
 			TRACE("squashfs_opendir: directory entry %s, inode "
 				"%d:%d, type %d\n", dire->name,
 				dirh.start_block, dire->offset, dire->type);
diff -Nupr a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
--- a/squashfs-tools/unsquash-4.c	2021-10-08 12:02:28.879477411 -0500
+++ b/squashfs-tools/unsquash-4.c	2021-10-08 11:57:20.357081890 -0500
@@ -2,7 +2,7 @@
  * Unsquash a squashfs filesystem.  This is a highly compressed read only
  * filesystem.
  *
- * Copyright (c) 2009, 2010, 2011, 2012, 2013
+ * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2021
  * Phillip Lougher <phillip@squashfs.org.uk>
  *
  * This program is free software; you can redistribute it and/or
@@ -332,6 +332,13 @@ struct dir *squashfs_opendir_4(unsigned
 			memcpy(dire->name, directory_table + bytes,
 				dire->size + 1);
 			dire->name[dire->size + 1] = '\0';
+
+			/* check name for invalid characters (i.e /, ., ..) */
+			if(check_name(dire->name, dire->size + 1) == FALSE) {
+				ERROR("File system corrupted: invalid characters in name\n");
+				goto corrupted;
+			}
+
 			TRACE("squashfs_opendir: directory entry %s, inode "
 				"%d:%d, type %d\n", dire->name,
 				dirh.start_block, dire->offset, dire->type);
diff -Nupr a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c
--- a/squashfs-tools/unsquashfs.c	2021-10-08 12:02:28.888477481 -0500
+++ b/squashfs-tools/unsquashfs.c	2021-10-08 11:59:29.508084687 -0500
@@ -3,7 +3,7 @@
  * filesystem.
  *
  * Copyright (c) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
- * 2012, 2013, 2014
+ * 2012, 2013, 2014, 2021
  * Phillip Lougher <phillip@squashfs.org.uk>
  *
  * This program is free software; you can redistribute it and/or
@@ -2478,8 +2478,8 @@ int parse_number(char *arg, int *res)
 
 
 #define VERSION() \
-	printf("unsquashfs version 4.3 (2014/05/12)\n");\
-	printf("copyright (C) 2014 Phillip Lougher "\
+	printf("unsquashfs version 4.3 (2021/10/8)\n");\
+	printf("copyright (C) 2021 Phillip Lougher "\
 		"<phillip@squashfs.org.uk>\n\n");\
     	printf("This program is free software; you can redistribute it and/or"\
 		"\n");\
diff -Nupr a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
--- a/squashfs-tools/unsquashfs.h	2014-05-09 23:54:13.000000000 -0500
+++ b/squashfs-tools/unsquashfs.h	2021-10-08 12:01:00.424790607 -0500
@@ -4,7 +4,7 @@
  * Unsquash a squashfs filesystem.  This is a highly compressed read only
  * filesystem.
  *
- * Copyright (c) 2009, 2010, 2013, 2014
+ * Copyright (c) 2009, 2010, 2013, 2014, 2021
  * Phillip Lougher <phillip@squashfs.org.uk>
  *
  * This program is free software; you can redistribute it and/or
@@ -275,4 +275,7 @@ extern struct inode *read_inode_4(unsign
 extern struct dir *squashfs_opendir_4(unsigned int, unsigned int,
 	struct inode **);
 extern int read_uids_guids_4();
+
+/* unsquash-1234.c */
+extern int check_name(char *, int);
 #endif