
qcacld-3.0: Avoid heap overflow during cfg80211 vendor scan request

WLAN driver's vendor scan request handler function declares ie_len
as uint8_t whereas kernel's cfg80211_scan_request ie_len is declared
as size_t. This type mismatch for ie_len leads to the WLAN driver allocating
less memory on the heap because of implicit integer truncation when the kernel's
ie_len (declared as size_t) is bigger than hex 0xFF, and when the scan request
data is copied it overflows the allocated heap memory.

In the WLAN driver's vendor scan request handler, declare ie_len and len also
as size_t so that the correct amount of heap memory is always allocated and
there is no heap overflow during the memory copy.

Change-Id: I240113d34c561c7155303b0b8b253c0cbaf7724b
CRs-Fixed: 2145573
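The sizing bug the commit message describes, shown as a stand-alone C example added here (not code from the qcacld-3.0 driver or the kernel): `struct scan_request_stub` is a constructed stand-in for `cfg80211_scan_request` carrying only an `ie_len`, `ie_alloc_size_truncated` mirrors the "before" arithmetic with a `uint8_t` length, and `ie_alloc_size_fixed` keeps `size_t` end to end and additionally rejects a length that would wrap the addition. `copy_fits` is a hypothetical helper used only to check whether a copy of the kernel-supplied length would stay inside the computed allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's struct cfg80211_scan_request:
 * only the field relevant to the sizing problem is modelled. */
struct scan_request_stub {
	size_t ie_len;      /* size_t in the real kernel struct */
	const uint8_t *ie;  /* IE bytes follow the header in the allocation */
};

/* "Before": the handler kept the IE length in a uint8_t, so any length
 * >= 0x100 is silently narrowed and the buffer sized from it is too small
 * for the bytes that are copied afterwards. */
size_t ie_alloc_size_truncated(size_t kernel_ie_len)
{
	uint8_t ie_len = (uint8_t)kernel_ie_len;   /* implicit narrowing in the original */
	return sizeof(struct scan_request_stub) + ie_len;
}

/* "After": keep size_t end to end, and refuse a length that would wrap the
 * addition itself. Returns 0 when the request cannot be sized safely. */
size_t ie_alloc_size_fixed(size_t kernel_ie_len)
{
	size_t ie_len = kernel_ie_len;
	if (ie_len > SIZE_MAX - sizeof(struct scan_request_stub))
		return 0;
	return sizeof(struct scan_request_stub) + ie_len;
}

/* Hypothetical check: does copying kernel_ie_len bytes after the header
 * stay within an allocation of alloc bytes? 1 = fits, 0 = overflow. */
int copy_fits(size_t alloc, size_t kernel_ie_len)
{
	return alloc >= sizeof(struct scan_request_stub) &&
	       alloc - sizeof(struct scan_request_stub) >= kernel_ie_len;
}

int main(void)
{
	/* Constructed sample lengths: the last two exceed 0xFF. */
	size_t lens[] = { 0x10, 0xFF, 0x100, 0x1FF };
	for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
		size_t t = ie_alloc_size_truncated(lens[i]);
		size_t f = ie_alloc_size_fixed(lens[i]);
		printf("ie_len=%#zx  truncated: alloc=%zu fits=%d | fixed: alloc=%zu fits=%d\n",
		       lens[i], t, copy_fits(t, lens[i]), f, copy_fits(f, lens[i]));
	}
	return 0;
}
```

Running it shows the two versions agreeing for lengths up to 0xFF and diverging from 0x100 on, where the truncated computation yields an allocation with no room for the IEs at all. The extra `SIZE_MAX` guard in the fixed variant is not part of the driver change; it is the check a reviewer would want once the length is no longer bounded by the narrow type.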
Rajeev Kumar, 7 years ago
parent commit 0f22d9370e

+ 2 - 2
core/hdd/src/wlan_hdd_scan.c

@@ -921,9 +921,9 @@ static int __wlan_hdd_cfg80211_vendor_scan(struct wiphy *wiphy,
 	struct cfg80211_scan_request *request = NULL;
 	struct nlattr *attr;
 	enum nl80211_band band;
-	uint8_t n_channels = 0, n_ssid = 0, ie_len = 0;
+	uint8_t n_channels = 0, n_ssid = 0;
 	uint32_t tmp, count, j;
-	unsigned int len;
+	size_t len, ie_len;
 	struct ieee80211_channel *chan;
 	struct hdd_context *hdd_ctx = wiphy_priv(wiphy);
 	struct hdd_adapter *adapter = WLAN_HDD_GET_PRIV_PTR(wdev->netdev);
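Review bot: the new declaration `size_t len, ie_len;` drops the `= 0` initializer that the removed `uint8_t ... ie_len = 0;` line carried, so `ie_len` is now uninitialized at declaration; if any path in `__wlan_hdd_cfg80211_vendor_scan` reads `ie_len` (for example when sizing the request) before the IE attribute has been parsed, this becomes an uninitialized read. Suggest `size_t len = 0, ie_len = 0;` to keep the previous zero default. Also worth noting for the same function: `n_channels` and `n_ssid` remain `uint8_t` on the retained line, so the same narrowing hazard applies if they are ever derived from counts wider than a byte; the hunk does not show their sources, so that is a follow-up to check rather than a defect visible here.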