qcacmn: Free nbuf on bpr disabled case only

If tx capture, sniffer are not enabled, mgmt nbuf is freed.
It is causing use-after-free in bpr enabled case
Added change to free only when bpr is disabled

Change-Id: Ia56254ca371cd9fbc21f5d58fac7ea96792d0bee
CRs-Fixed: 2663098

dp/wifi3.0/dp_htt.c

@@ -3008,7 +3008,8 @@ void dp_deliver_mgmt_frm(struct dp_pdev *pdev, qdf_nbuf_t nbuf)
 				     nbuf, HTT_INVALID_PEER,
 				     WDI_NO_VAL, pdev->pdev_id);
 	} else {
-		qdf_nbuf_free(nbuf);
+		if (!pdev->bpr_enable)
+			qdf_nbuf_free(nbuf);
 	}
 }
 #endif