qcacld-3.0: Fix OOB when copy link beacon IE

Link beacon in roam sync frame event may not be for actual link when
roamed to 2+ link AP, then get right link beacon from scan cache, but
beacon size may be larger, if malloc buffer with link beacon size in roam
sync frame event to save beacon IE got from scan cache, OOB will happen.

To fix it, when malloc buf to save beacon IE during roaming, use max
mgmt mpdu size.

Change-Id: I08fc52ce26edc1f02365837a1ed7a632ed7c6706
CRs-Fixed: 3667410
Jianmin Zhu 1 year ago
parent
current commit
3bc76fab1b
1 file changed, 2 insertions and 3 deletions

+ 2 - 3
components/umac/mlme/connection_mgr/core/src/wlan_cm_roam_offload_event.c

@@ -577,9 +577,8 @@ QDF_STATUS cm_roam_sync_event_handler_cb(struct wlan_objmgr_vdev *vdev,
 	    sync_ind->link_beacon_probe_resp_length) {
 		if (sync_ind->link_beacon_probe_resp_length >
 		    (QDF_IEEE80211_3ADDR_HDR_LEN + MAC_B_PR_SSID_OFFSET)) {
-			ie_len = sync_ind->link_beacon_probe_resp_length -
-					(QDF_IEEE80211_3ADDR_HDR_LEN +
-					 MAC_B_PR_SSID_OFFSET);
+			ie_len = MAX_MGMT_MPDU_LEN -
+			(QDF_IEEE80211_3ADDR_HDR_LEN + MAC_B_PR_SSID_OFFSET);
 		} else {
 			mlme_err("LFR3: MLO: vdev:%d Invalid link Beacon Length",
 				 vdev_id);
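
Review bot: In the two added lines that assign ie_len, the variable stops being the IE length of the frame carried in sync_ind and becomes a fixed buffer capacity (MAX_MGMT_MPDU_LEN minus QDF_IEEE80211_3ADDR_HDR_LEN + MAC_B_PR_SSID_OFFSET), while the surrounding check still validates link_beacon_probe_resp_length. Any later use of ie_len as a copy length from the roam sync frame would then read past link_beacon_probe_resp_length, so please confirm that every consumer of ie_len outside this hunk treats it as an allocation size only, or keep the received length in a separate variable and give the capacity its own name. The fix also depends on the scan cache beacon never exceeding MAX_MGMT_MPDU_LEN; the copy from the scan cache entry should compare the cached IE length against this capacity and bail out on mismatch rather than rely on the maximum. Minor style point: the continuation line `(QDF_IEEE80211_3ADDR_HDR_LEN + MAC_B_PR_SSID_OFFSET);` is indented to the same level as `ie_len`, where the removed lines aligned the continuation under the expression.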