diff --git a/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java b/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
index 91c23b4447a79135169bd3cb3e7bd47f661ae588..64e1bdea2df425b95342d72aa22c55eebe1ea061 100644
--- a/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
+++ b/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
@@ -699,6 +699,7 @@ public class EstablishmentManager {
         // signs if we havent signed yet
         state.prepareSessionConfirmed();
         
+        // BUG - handle null return
         UDPPacket packets[] = _builder.buildSessionConfirmedPackets(state, _context.router().getRouterInfo().getIdentity());
         
         if (_log.shouldLog(Log.DEBUG))
diff --git a/router/java/src/net/i2p/router/transport/udp/OutboundEstablishState.java b/router/java/src/net/i2p/router/transport/udp/OutboundEstablishState.java
index fa01bc026f9e776d2504492ad30d5da62a318305..6e3738f306d117fec298375bdbcbf93f415526c8 100644
--- a/router/java/src/net/i2p/router/transport/udp/OutboundEstablishState.java
+++ b/router/java/src/net/i2p/router/transport/udp/OutboundEstablishState.java
@@ -348,6 +348,8 @@ public class OutboundEstablishState {
         DataHelper.toLong(signed, off, 4, _receivedRelayTag);
         off += 4;
         DataHelper.toLong(signed, off, 4, _sentSignedOnTime);
+        // BUG - if SigningPrivateKey is null, _sentSignature will be null, leading to NPE later
+        // should we throw something from here?
         _sentSignature = _context.dsa().sign(signed, _context.keyManager().getSigningPrivateKey());
     }
     
diff --git a/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java b/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java
index 26b82e66753c62dd444858b21cf0e1303ad0c9b7..4b16d078dae7bda704376d642aa9e60045389086 100644
--- a/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java
+++ b/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java
@@ -512,6 +512,10 @@ public class PacketBuilder {
      * encrypting it as necessary.
      * 
      * @return ready to send packets, or null if there was a problem
+     * 
+     * TODO: doesn't really return null, and caller doesn't handle null return
+     * (null SigningPrivateKey should cause this?)
+     * Should probably return null if buildSessionConfirmedPacket() turns null for any fragment
      */
     public UDPPacket[] buildSessionConfirmedPackets(OutboundEstablishState state, RouterIdentity ourIdentity) {
         byte identity[] = ourIdentity.toByteArray();
@@ -593,6 +597,7 @@ public class PacketBuilder {
                 off++;
             }
             
+            // BUG: NPE here if null signature
             System.arraycopy(state.getSentSignature().getData(), 0, data, off, Signature.SIGNATURE_BYTES);
             packet.getPacket().setLength(off + Signature.SIGNATURE_BYTES);
             authenticate(packet, state.getCipherKey(), state.getMACKey());