qcacld-3.0: Add buf len check in wlan_hdd_cfg80211_testmode

qcacld-2.0 to qcacld-3.0 propagation.

In __wlan_hdd_cfg80211_testmode API no checks are in place that
ensure that buflen is smaller or equal the size of the stack
variable hb_params. Hence, the vos_mem_copy() call can overflow
stack memory.

Add buf len check to avoid stack overflow

CRs-Fixed: 1105085
Change-Id: I6af6a74cc38ebce3337120adcf7e9595f22d3d8c

core/hdd/src/wlan_hdd_cfg80211.c

@@ -17489,6 +17489,12 @@ static int __wlan_hdd_cfg80211_testmode(struct wiphy *wiphy,
 			time_period_sec == 0))
 			return -EINVAL;
 
+		if (buf_len > sizeof(*hb_params)) {
+			hdd_err("buf_len=%d exceeded hb_params size limit",
+				buf_len);
+			return -ERANGE;
+		}
+
 		hb_params = (struct pmo_lphb_req *)qdf_mem_malloc(
 				sizeof(*hb_params));
 		if (NULL == hb_params) {