mbedtls_timing_get_timer: don't use uninitialized memory mbedtls_timing_get_timer with reset=1 is called both to initialize a timer object and to reset an already-initialized object. In an initial call, the content of the data structure is indeterminate, so the code should not read from it. This could crash if signed overflows trap, for example. As a consequence, on reset, we can't return the previously elapsed time as was previously done on Windows. Return 0 as was done on Unix.

commit: b29e70bb0184f0a93bfbecee526b18a2f94f525b [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Mon Oct 16 19:33:06 2017 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Wed Dec 20 19:33:48 2017 +0100
tree: 359503b26d175ed029981f4f6942863e1aa96823
parent: 02c3167b40be04aa7856491673bd61e882e2849e [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 5c3eaa5..76d4b54 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -54,6 +54,7 @@
    * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
      MilenkoMitrovic, #1104
    * Fix mbedtls_timing_alarm(0) on Unix.
+   * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1.
 
 Changes
    * Extend cert_write example program by options to set the CRT version
commit	b29e70bb0184f0a93bfbecee526b18a2f94f525b	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Oct 16 19:33:06 2017 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Wed Dec 20 19:33:48 2017 +0100
tree	359503b26d175ed029981f4f6942863e1aa96823
parent	02c3167b40be04aa7856491673bd61e882e2849e [diff] [blame]