From 3036c73cbfcddd68859a34a06d07ecd0dee5f2dd Mon Sep 17 00:00:00 2001
From: Brian McKelvey <brian@worlize.com>
Date: Fri, 16 Jan 2015 13:29:18 -0800
Subject: [PATCH] Don't leave bytes of mask field uninitialized for
 client-to-server frames of zero-length payload.  Closes Issue #178.

---
 lib/WebSocketFrame.js | 33 +++++++++++----------------------
 1 file changed, 11 insertions(+), 22 deletions(-)

diff --git a/lib/WebSocketFrame.js b/lib/WebSocketFrame.js
index 447cbdf5..7be14202 100644
--- a/lib/WebSocketFrame.js
+++ b/lib/WebSocketFrame.js
@@ -252,29 +252,18 @@ WebSocketFrame.prototype.toBuffer = function(nullMask) {
         outputPos += 8;
     }
 
-    if (this.length > 0) {
-        if (this.mask) {
-            if (!nullMask) {
-                // Generate a mask key
-                maskKey = parseInt(Math.random()*0xFFFFFFFF);
-            }
-            else {
-                maskKey = 0x00000000;
-            }
-            this.maskBytes.writeUInt32BE(maskKey, 0, true);
-            
-            // write the mask key
-            this.maskBytes.copy(output, outputPos);
-            outputPos += 4;
+    if (this.mask) {
+        maskKey = nullMask ? 0 : (Math.random()*0xFFFFFFFF) | 0;
+        this.maskBytes.writeUInt32BE(maskKey, 0, true);
+        
+        // write the mask key
+        this.maskBytes.copy(output, outputPos);
+        outputPos += 4;
 
-            data.copy(output, outputPos);
-            var dataSegment = output.slice(outputPos);
-            bufferUtil.mask(dataSegment, this.maskBytes, dataSegment, 0, this.length);
-            // xor(output.slice(outputPos), this.maskBytes, 0);
-        }
-        else {
-            data.copy(output, outputPos);
-        }
+        bufferUtil.mask(data, this.maskBytes, output, outputPos, this.length);
+    }
+    else {
+        data.copy(output, outputPos);
     }
 
     return output;