qcacmn: Validate buffer length in wmi tlv check and pad tlvs

Currently there is no validation of the buffer length passed by the
caller in the function to validate the TLV's coming for an event/
command. This may cause possible null pointer reference. In this
change validate the buffer length passed by the caller.

Change-Id: Ia365cf78acce3a235b9e15e6ed95a1aaa06b4c6f
CRs-Fixed: 2105739

wmi/src/wmi_tlv_helper.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2013-2017 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -518,6 +518,13 @@ wmitlv_check_and_pad_tlvs(void *os_handle, void *param_struc_ptr,
 	}
 	/* NOTE: the returned number of TLVs is in "attr_struct_ptr.cmd_num_tlv" */
 
+	if (param_buf_len < WMI_TLV_HDR_SIZE) {
+		wmi_tlv_print_error
+			("%s: ERROR: Incorrect param buf length passed\n",
+			__func__);
+		return error;
+	}
+
 	/* Create base structure of format wmi_cmd_event_id##_param_tlvs */
 	len_wmi_cmd_struct_buf =
 		attr_struct_ptr.cmd_num_tlv * sizeof(wmitlv_cmd_param_info);