Unbounded memory allocation based on untrusted length

Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory