qcacmn: Added extra check to prevent buffer overflow

Added extra check to prevent buffer overflow pointed out
by static code analyzer tool.

Change-Id: Ieeb3e89089b63eac3dc210447d7ec8e964cd52c9
CRs-Fixed: 2285486

umac/cmn_services/crypto/src/wlan_crypto_aes_ccm.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
  */
 /*
  * Counter with CBC-MAC (CCM) with AES
@@ -51,13 +51,15 @@ static void aes_ccm_auth_start(void *aes, size_t M, size_t L,
 	}
 
 	wlan_crypto_put_be16(aad_buf, aad_len);
-	qdf_mem_copy(aad_buf + 2, aad, aad_len);
-	qdf_mem_set(aad_buf + 2 + aad_len, sizeof(aad_buf) - 2 - aad_len, 0);
+	qdf_mem_copy(aad_buf + AAD_LEN_FIELD, aad, aad_len);
+	if ((AAD_LEN_FIELD + aad_len) < sizeof(aad_buf))
+		qdf_mem_set(aad_buf + AAD_LEN_FIELD + aad_len,
+			    sizeof(aad_buf) - AAD_LEN_FIELD - aad_len, 0);
 
 	xor_aes_block(aad_buf, x);
 	wlan_crypto_aes_encrypt(aes, aad_buf, x); /* X_2 = E(K, X_1 XOR B_1) */
 
-	if (aad_len > AES_BLOCK_SIZE - 2) {
+	if (aad_len > AES_BLOCK_SIZE - AAD_LEN_FIELD) {
 		xor_aes_block(&aad_buf[AES_BLOCK_SIZE], x);
 		/* X_3 = E(K, X_2 XOR B_2) */
 		wlan_crypto_aes_encrypt(aes, &aad_buf[AES_BLOCK_SIZE], x);

umac/cmn_services/crypto/src/wlan_crypto_aes_i.h

@@ -26,6 +26,7 @@
 				+ WLAN_CRYPTO_EXT_IV_LEN)
 
 #define AES_BLOCK_SIZE 16
+#define AAD_LEN_FIELD  (2)
 #define wpa_printf(args...) do { } while (0)
 #define wpa_hexdump(l, t, b, le) do { } while (0)
 #define wpa_hexdump_buf(l, t, b) do { } while (0)