This comes from the untrusted caller. It should be tainted before we
use it as a filename. (Actually in practice it's checked against the
`location' from the header, so this doesn't actually fix a
vulnerability.)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>