
qcacld-3.0: Remove off-by-one write condition in sch_beacon_process

In the API, the driver inserts 0 after the SSID name to mark the
end of the SSID, but if the SSID name is 32 characters, which is
the max SSID length possible, the driver puts 0 at the 33rd
place of memory, which is not part of the SSID name, which
results in an OOB write, or off-by-one write condition.

The fix is to remove the addition of 0 after the SSID, as in every
case the driver prints the SSID taking the SSID length
as the input, and in that case insertion of 0 will not serve
any purpose.

Change-Id: I1d58026ec9f48fe9d00bd2f50783c65899588978
CRs-Fixed: 2232526
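To make the boundary case in the commit message concrete, the following is an added example, not qcacld-3.0 code: it models a 32-byte SSID element with the pre-patch layout (no spare byte), shows why storing a terminator at index `length` is out of bounds exactly when `length == 32`, and shows the length-bounded formatting the commit message relies on instead. `struct ssid_elem`, `MAX_SSID_LEN`, `terminate_ssid`, `format_ssid`, `load_ssid` and the sample SSID bytes are all constructed for this illustration.

```c
/* Added example (not qcacld-3.0 code). Models the off-by-one the commit
 * message describes and the length-bounded alternative it adopts.
 * All names and the sample SSID below are constructed for illustration. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stdbool.h>

#define MAX_SSID_LEN 32   /* 802.11 SSID maximum, as stated in the commit message */

/* Mirrors the pre-patch layout: exactly MAX_SSID_LEN bytes, no spare slot. */
struct ssid_elem {
	uint8_t length;
	uint8_t ssid[MAX_SSID_LEN];
};

/* The pattern the commit removes. Writing a terminator at index `length`
 * is in bounds only while length < sizeof(ssid). Instead of performing the
 * out-of-bounds store for a full-length SSID, refuse and return false. */
static bool terminate_ssid(struct ssid_elem *e)
{
	if (e->length >= sizeof(e->ssid))
		return false;   /* length == 32 would store ssid[32]: the off-by-one */
	e->ssid[e->length] = 0;
	return true;
}

/* Length-bounded formatting needs no terminator: %.*s stops after `length`
 * bytes, so a full 32-byte SSID is printed without reading past the data. */
static int format_ssid(const struct ssid_elem *e, char *out, size_t out_sz)
{
	return snprintf(out, out_sz, "ssid=%.*s",
			(int)e->length, (const char *)e->ssid);
}

/* Fill from a beacon-style (length, bytes) pair, clamping to the element's
 * capacity so a malformed length cannot overrun the copy. */
static void load_ssid(struct ssid_elem *e, const uint8_t *bytes, size_t len)
{
	if (len > sizeof(e->ssid))
		len = sizeof(e->ssid);
	e->length = (uint8_t)len;
	memcpy(e->ssid, bytes, len);
}

/* Boundary case: a full 32-byte SSID. The terminator write must be refused,
 * and the length-bounded path must still format all 32 bytes.
 * Returns the formatted length (5 for "ssid=" plus 32), or -1 on failure. */
static int check_full_ssid(void)
{
	/* Constructed 32-byte SSID; no room for a NUL, exactly as in the report. */
	static const uint8_t full[MAX_SSID_LEN] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";
	struct ssid_elem e;
	char buf[64];

	load_ssid(&e, full, sizeof(full));
	if (terminate_ssid(&e))
		return -1;
	return format_ssid(&e, buf, sizeof(buf));
}

/* Short SSID: the terminator fits, so the store is allowed and lands at
 * index `length`. Returns 1 when both hold, 0 otherwise. */
static int check_short_ssid(void)
{
	const uint8_t name[] = "short";   /* constructed 5-byte SSID */
	struct ssid_elem e;

	load_ssid(&e, name, 5);
	return terminate_ssid(&e) && e.ssid[5] == 0;
}

int main(void)
{
	char buf[64];
	struct ssid_elem e;
	static const uint8_t full[MAX_SSID_LEN] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";

	load_ssid(&e, full, sizeof(full));
	printf("terminator write allowed for 32-byte SSID: %s\n",
	       terminate_ssid(&e) ? "yes" : "no");
	format_ssid(&e, buf, sizeof(buf));
	printf("%s\n", buf);
	return 0;
}
```

The bound check in `terminate_ssid` is the condition the original code lacked; the `%.*s` path shows why the commit can drop the terminator entirely once every consumer takes the length as input.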
gaurank kathpalia, 7 years ago
Parent
Current commit 24e5b21555
2 files changed, 2 insertions and 4 deletions
  1. +2 -1  core/mac/inc/sir_mac_prot_def.h
  2. +0 -3  core/mac/src/pe/sch/sch_beacon_process.c

+ 2 - 1
core/mac/inc/sir_mac_prot_def.h

@@ -1015,9 +1015,10 @@ struct merged_mac_rate_set {
 	uint8_t rate[2 * SIR_MAC_RATESET_EID_MAX];
 };
 
+/* Reserve 1 byte for NULL character in the SSID name field to print in %s */
 typedef struct sSirMacSSid {
 	uint8_t length;
-	uint8_t ssId[SIR_MAC_MAX_SSID_LENGTH];
+	uint8_t ssId[SIR_MAC_MAX_SSID_LENGTH +1];
 } qdf_packed tSirMacSSid;
 
 typedef struct sSirMacWpaInfo {
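Review bot: the new comment and the header change contradict the commit message. The comment says the extra byte is reserved for a NUL so the field can be printed with %s, but the only terminator store in this change is the one deleted from sch_beacon_process, so after this patch nothing in the diff writes a 0 at ssId[length] and a %s print of a full-length SSID would still run past the data. Either keep the terminator store (it is in bounds once the array is SIR_MAC_MAX_SSID_LENGTH + 1 long) or drop the header change together with the comment; doing both leaves a misleading comment. Also note that adding a byte to a qdf_packed struct changes sizeof(tSirMacSSid) for every user of the type, which is worth checking. Style: write `uint8_t ssId[SIR_MAC_MAX_SSID_LENGTH + 1];` with spaces around the +.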

+ 0 - 3
core/mac/src/pe/sch/sch_beacon_process.c

@@ -1074,9 +1074,6 @@ sch_beacon_process(tpAniSirGlobal mac_ctx, uint8_t *rx_pkt_info,
 		return;
 	}
 
-	if (bcn.ssidPresent)
-		bcn.ssId.ssId[bcn.ssId.length] = 0;
-
 	/*
 	 * Now process the beacon in the context of the BSS which is
 	 * transmitting the beacons, if one is found
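Review bot: with the store removed, bcn.ssId.ssId is no longer NUL-terminated at this point, so the fix depends on every consumer using bcn.ssId.length rather than treating ssId as a C string, which the commit message asserts but this hunk cannot show; confirm the remaining readers (in particular any %s use, which the new header comment implies exists) before merging. If a terminator is wanted, the existing conditional could be kept with a bound, e.g. `if (bcn.ssidPresent && bcn.ssId.length < sizeof(bcn.ssId.ssId))` before the store, which also makes the intent of the header change explicit.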