mbedtls_timing_get_timer: don't use uninitialized memory mbedtls_timing_get_timer with reset=1 is called both to initialize a timer object and to reset an already-initialized object. In an initial call, the content of the data structure is indeterminate, so the code should not read from it. This could crash if signed overflows trap, for example. As a consequence, on reset, we can't return the previously elapsed time as was previously done on Windows. Return 0 as was done on Unix.

commit: d92f0aa3bec86b7b74cd4c7372b9a4b5323b0cfc [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Mon Oct 16 19:33:06 2017 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Wed Dec 20 18:53:52 2017 +0100
tree: 8823cd1ccb89ac0225f3e6b0122eb6c337e1230e
parent: a9edc4805b5e73885eb3ca1e9fe905e7321c226a [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index bfba279..2061be0 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -10,6 +10,7 @@
      Found by projectgus and jethrogb, #836.
    * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
    * Fix mbedtls_timing_alarm(0) on Unix.
+   * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1.
 
 = mbed TLS 2.6.0 branch released 2017-08-10
commit	d92f0aa3bec86b7b74cd4c7372b9a4b5323b0cfc	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Oct 16 19:33:06 2017 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Wed Dec 20 18:53:52 2017 +0100
tree	8823cd1ccb89ac0225f3e6b0122eb6c337e1230e
parent	a9edc4805b5e73885eb3ca1e9fe905e7321c226a [diff] [blame]