From 0e818dea0f0afdf827842f86d08aff5583ac96b0 Mon Sep 17 00:00:00 2001
From: Caleb James DeLisle
Date: Sun, 19 Mar 2017 21:35:32 +0100
Subject: [PATCH] fix crash bug when someone sends a setup session packet with a specified handle
---
 net/SessionManager.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/net/SessionManager.c b/net/SessionManager.c
index 6394fe2b4..3789a39c1 100644
--- a/net/SessionManager.c
+++ b/net/SessionManager.c
@@ -315,6 +315,12 @@ static Iface_DEFUN incomingFromSwitchIf(struct Message* msg, struct Iface* iface
 return NULL;
 }
 Message_shift(msg, -4, NULL);
+ uint32_t nonce = Endian_bigEndianToHost32(((uint32_t*)msg->bytes)[0]);
+ if (nonce < 4) {
+ Log_debug(sm->log, "DROP setup message [%u] with specified handle [%u]",
+ nonce, nonceOrHandle);
+ return NULL;
+ }
 } else {
 // handle + big cryptoauth header
 if (msg->length < CryptoHeader_SIZE + 4) {
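Review bot: The new nonce read `((uint32_t*)msg->bytes)[0]` comes straight after `Message_shift(msg, -4, NULL)`, and nothing visible in the hunk checks that four bytes remain once the handle is stripped. The sibling `else` branch does check `msg->length` before touching the header, so the handle branch should do the same before the read, for example `if (msg->length < 4) { Log_debug(sm->log, "DROP runt after handle"); return NULL; }`. Without it, a packet from the switch that carries a handle and fewer than four further bytes would be parsed past its valid data. The body of incomingFromSwitchIf starts outside the hunk, so an earlier check may already guarantee this; if so, a one-line comment naming that check would help. It would also help to add a short comment above `if (nonce < 4)` saying why a setup-range nonce is rejected when a handle is present, since the commit message only calls it a crash.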