
qcacld-3.0: Fix possible OOB read in wlan_hdd_set_sap_hwmode

A possible out-of-bound read can happen in the hdd function
wlan_hdd_set_sap_hwmode. To fix it, pass the proper length.

Change-Id: I11258c6d9f481a21afc3229762900153d6f83c82
CRs-Fixed: 2853407
Aditya Kodukula 4 years ago
parent
commit
2f93e91825
1 changed file with 10 additions and 1 deletion

+ 10 - 1
core/hdd/src/wlan_hdd_hostapd.c

@@ -4482,12 +4482,21 @@ static void wlan_hdd_set_sap_hwmode(struct hdd_adapter *adapter)
 	u8 checkRatesfor11g = true;
 	u8 require_ht = false, require_vht = false;
 	const u8 *ie;
+	ssize_t size;
 
 	config->SapHw_mode = eCSR_DOT11_MODE_11b;
 
+	size = beacon->head_len - sizeof(mgmt_frame->u.beacon) -
+	      (sizeof(*mgmt_frame) - sizeof(mgmt_frame->u));
+
+	if (size <= 0) {
+		hdd_err_rl("Invalid length: %zu", size);
+		return;
+	}
+
 	ie = wlan_get_ie_ptr_from_eid(WLAN_EID_SUPP_RATES,
 				      &mgmt_frame->u.beacon.variable[0],
-				      beacon->head_len);
+				      size);
 	if (ie) {
 		ie += 1;
 		wlan_hdd_check_11gmode(ie, &require_ht, &require_vht,
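Review bot: The error path in the new `if (size <= 0)` block logs a signed value with an unsigned format: `size` is declared `ssize_t`, but `hdd_err_rl("Invalid length: %zu", size);` uses `%zu`, so the negative lengths this check exists to catch would be printed as very large positive numbers. Use `%zd` there. Separately, the `sizeof` terms in the assignment to `size` are `size_t`, so the subtraction is evaluated as unsigned arithmetic and only becomes negative through the conversion to `ssize_t`; the check would be easier to verify if `beacon->head_len` were compared against the fixed header length before subtracting, and that header length could be written once, for example as an `offsetof` of `u.beacon.variable`, instead of the two-part `sizeof` expression. It would also help to log `beacon->head_len` itself in the error message, since that is the input that was malformed.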