Hi, running coverity scan on libsec it reported two defects that do not
seem false positives:

1. an out of bound access to aesXCBCmac (see
https://github.com/JehanneOS/jehanne/issues/3 )
2. an out of bound access in msgRecv, tlshand.c:1809 (see
https://github.com/JehanneOS/jehanne/issues/4 )

I verified that the code is more or less the same on 9front.
I "fixed" the first with an assert, but I'm not sure wherther passing
sizeof(m->u.finished.verify) to memset in the second is the correct
solution.

Am I missing something?


Giacomo