diff options
| author | Artur Malabarba <bruce.connor.am@gmail.com> | 2015-12-12 21:43:34 +0000 |
|---|---|---|
| committer | Artur Malabarba <bruce.connor.am@gmail.com> | 2015-12-12 21:43:34 +0000 |
| commit | 95a5c23f741f42c6f68e283570cdce10b1946296 (patch) | |
| tree | ffaa3f8101c4ec6da3d7d53bf99e229ef1816333 /lisp/emacs-lisp | |
| parent | cb5c26128f2cdfd5b14e553b347ae96048a838cb (diff) | |
| download | emacs-95a5c23f741f42c6f68e283570cdce10b1946296.tar.gz emacs-95a5c23f741f42c6f68e283570cdce10b1946296.tar.bz2 emacs-95a5c23f741f42c6f68e283570cdce10b1946296.zip | |
* lisp/emacs-lisp/package.el (package-unpack): Security check
Check that we received the package we were offered.
Diffstat (limited to 'lisp/emacs-lisp')
| -rw-r--r-- | lisp/emacs-lisp/package.el | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el index 3cf94ec0255..f60bff4a477 100644 --- a/lisp/emacs-lisp/package.el +++ b/lisp/emacs-lisp/package.el @@ -829,7 +829,10 @@ untar into a directory named DIR; otherwise, signal an error." (package--make-autoloads-and-stuff pkg-desc pkg-dir) ;; Update package-alist. (let ((new-desc (package-load-descriptor pkg-dir))) - ;; FIXME: Check that `new-desc' matches `desc'! + (unless (equal (package-desc-full-name new-desc) + (package-desc-full-name pkg-desc)) + (error "The retrieved package (`%s') doesn't match what the archive offered (`%s')" + (package-desc-full-name new-desc) (package-desc-full-name pkg-desc))) ;; Activation has to be done before compilation, so that if we're ;; upgrading and macros have changed we load the new definitions ;; before compiling. |