qcacld-3.0: Fix buffer overwrite problem in GETIBSSPEERINFO

If (length + 1) is greater than priv_data.total_len then copy_to_user
results in writing more data than the buffer can hold.
Fix this by writing minimum of (length + 1) and priv_data->total_len.

Change-Id: If0c74b3c6c76ee3ca296fd8e0e844b9c53c30498
CRs-Fixed: 2386056
Jingxiang Ge 6 years ago
parent
commit
03e2b59544
1 changed file with 2 additions and 1 deletion

+ 2 - 1
core/hdd/src/wlan_hdd_ioctl.c

@@ -5292,9 +5292,10 @@ static int drv_cmd_get_ibss_peer_info(struct hdd_adapter *adapter,
 				(int)txRate,
 				(int)sta_ctx->ibss_peer_info.
 				peerInfoParams[0].rssi);
+		length = QDF_MIN(priv_data->total_len, length + 1);
 
 		/* Copy the data back into buffer */
-		if (copy_to_user(priv_data->buf, &extra, length + 1)) {
+		if (copy_to_user(priv_data->buf, &extra, length)) {
 			hdd_err("copy data to user buffer failed GETIBSSPEERINFO command");
 			ret = -EFAULT;
 			goto exit;
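
Review bot: On the added `length = QDF_MIN(priv_data->total_len, length + 1);` line, the clamp stops the over-long copy, but when `priv_data->total_len` is the smaller value the string in `extra` is cut short and the user buffer receives no terminating NUL, while the command still falls through as a success. Consider either failing the request when `length + 1` exceeds `priv_data->total_len`, or forcing the last copied byte to NUL before the `copy_to_user` call so the caller always gets a terminated string. The types of `total_len` and `length` are not visible in this hunk; it is worth confirming that QDF_MIN is not comparing a signed value against an unsigned one and that a `total_len` of 0 is handled deliberately rather than by accident.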