
qcacld-3.0: Avoid out of bounds access in testmode_cmd

While processing cfg80211 callback testmode_cmd(), size of vendor
attribute TM_ATTR_DATA is not validated against the maximum length
but type casted to the internally defined structure pmo_lphb_req.
This can lead to out of bounds access if the size of attr is less than
size of pmo_lphb_req.

To address this, validate size of TM_ATTR_DATA.

Change-Id: I83b18d0935ebc6139644c02a9e51ef25a12b9176
CRs-Fixed: 2411653
Rajeev Kumar Sirasanagandla 6 years ago
parent
commit
012e7b7836

+ 4 - 0
core/hdd/src/wlan_hdd_cfg80211.c

@@ -20482,6 +20482,10 @@ static int __wlan_hdd_cfg80211_testmode(struct wiphy *wiphy,
 
 		buf = nla_data(tb[WLAN_HDD_TM_ATTR_DATA]);
 		buf_len = nla_len(tb[WLAN_HDD_TM_ATTR_DATA]);
+		if (buf_len < sizeof(*hb_params_temp)) {
+			hdd_err("Invalid buffer length for TM_ATTR_DATA");
+			return -EINVAL;
+		}
 
 		hb_params_temp = (struct pmo_lphb_req *) buf;
 		if ((hb_params_temp->cmd == pmo_lphb_set_tcp_pararm_indid)
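Review bot: The new check takes sizeof(*hb_params_temp) while hb_params_temp is only assigned a few lines later, at the cast of buf. This is valid because sizeof does not evaluate its operand, but sizeof(struct pmo_lphb_req) would state the intent without relying on that. The hdd_err message carries no numbers; logging buf_len together with the expected size would make a rejected request diagnosable. The condition is also a minimum-length check (buf_len < sizeof), while the commit message speaks of validating against the maximum length, so the message wording should be aligned with what the code enforces.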