Hi, I ran Coverity Scan on libsec and it reported two defects that do not
seem to be false positives:

1. an out of bound access to aesXCBCmac (see
https://github.com/JehanneOS/jehanne/issues/3 )
2. an out of bound access in msgRecv, tlshand.c:1809 (see
https://github.com/JehanneOS/jehanne/issues/4 )

I verified that the code is more or less the same on 9front.
I "fixed" the first with an assert, but I'm not sure whether passing
sizeof(m->u.finished.verify) to memset in the second is the correct
solution.

Am I missing something?


Giacomo
