- Added comprehensive bounds checking to all WebSocket message parsing
- Validate JSON structure (braces) before processing to prevent crashes
- Added length limits and bounds validation for all parameter extractions:
  * client_id: max 64 chars
  * password: max 256 chars
  * request_id: max 64 chars
  * enc/service/version: max 32 chars each
- Prevent buffer overflows that could corrupt heap metadata
- Ensure all string operations stay within allocated buffer bounds
- Server now logs errors and continues running instead of crashing on malformed packets
- Critical defense against DoS attacks via malformed WebSocket messages