The patch looks simple and likely backportable, and it doesn't seem to me that this is actually exposing a bug in websockify (but it's possible I'm just not seeing the bug you see in their implementation).
This aside, can a determined attacker cause similar resource consumption by just opening a bunch of connections to the socket and not closing them? If so, this is probably a class D (security hardening opportunity) report. Either way, I'm still in favor of continuing work on this bug in public unless there are objections.