proto_ws: decline Sec-WebSocket-Key keys that are not 24 bytes

In case the key is not 24 bytes, the some internal buffers might be
overwritten, resulting in malformed/bad Sec-WebSocket-Accept generation.
And since the RFC requires the key to be random 16-bytes-base64
encoding, the length should always be 24 bytes.

Thanks go to @hafkensite for reporting it on GitHub and to @wdoekes for
profiving the fix. Close #1928

(cherry picked from commit 6f24b26)

modules/proto_ws/ws_handshake_common.h

@@ -912,10 +912,17 @@ static int ws_parse_req_handshake(struct tcp_connection *c, char *msg, int len)
 
 				str_trim_spaces_lr(hf->body);
 
-				/* the key is already in the buffer, so we can just copy it */
-				WS_KEY(c) = hf->body;
-
-				flags |= WS_KEY_F;
+				/* RFC-6455 4.1: Opening Handshake: Client Requirements
+				 * 7.  The request MUST include a header field with the name
+				 *     |Sec-WebSocket-Key|.  The value of this header field MUST be a
+				 *     nonce consisting of a randomly selected 16-byte value that has
+				 *     been base64-encoded (see Section 4 of [RFC4648]).  The nonce
+				 *     MUST be selected randomly for each connection. */
+				if (hf->body.len == WS_KEY_LEN) {
+					/* the key is already in the buffer, so we can just copy it */
+					WS_KEY(c) = hf->body;
+					flags |= WS_KEY_F;
+				}
 			} else if (hf->name.len == HDR_LEN("Sec-WebSocket-Version") &&
 					GET_LOWER(hf->name.s + 14) == 'v' &&
 					GET_LOWER(hf->name.s + 15) == 'e' &&
@@ -967,7 +974,8 @@ static int ws_parse_req_handshake(struct tcp_connection *c, char *msg, int len)
 		if (flags & WS_ORIGIN_F)
 			LM_ERR("Origin header not present!\n");
 		if (flags & WS_KEY_F)
-			LM_ERR("Sec-WebSocket-Key header not present!\n");
+			LM_ERR("Sec-WebSocket-Key header not present or does not "
+					"have the desired length (%d)!\n", WS_KEY_LEN);
 		if (flags & WS_VER_F)
 			LM_ERR("Sec-WebSocket-Version header not present!\n");
 		if (flags & WS_PROTO_F)