Limit subprotocol and extension lengths

Author: uNetworkingAB

src/HTTPSocket.cpp

@@ -228,13 +228,13 @@ void HttpSocket<isServer>::upgrade(const char *secKey, const char *extensions, s
         base64(shaDigest, upgradeBuffer + 97);
         memcpy(upgradeBuffer + 125, "\r\n", 2);
         size_t upgradeResponseLength = 127;
-        if (extensionsResponse.length()) {
+        if (extensionsResponse.length() && extensionsResponse.length() < 200) {
             memcpy(upgradeBuffer + upgradeResponseLength, "Sec-WebSocket-Extensions: ", 26);
             memcpy(upgradeBuffer + upgradeResponseLength + 26, extensionsResponse.data(), extensionsResponse.length());
             memcpy(upgradeBuffer + upgradeResponseLength + 26 + extensionsResponse.length(), "\r\n", 2);
             upgradeResponseLength += 26 + extensionsResponse.length() + 2;
         }
-        if (subprotocolLength) {
+        if (subprotocolLength && subprotocolLength < 200) {
             memcpy(upgradeBuffer + upgradeResponseLength, "Sec-WebSocket-Protocol: ", 24);
             memcpy(upgradeBuffer + upgradeResponseLength + 24, subprotocol, subprotocolLength);
             memcpy(upgradeBuffer + upgradeResponseLength + 24 + subprotocolLength, "\r\n", 2);