
qcacld-3.0: Fix to pass appropriate buffer length to unpack WPA IE

In lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message, the length passed
to unpack the WPA IE is the length of the WPA IE + 2 extra bytes
((rsn_ie->rsnIEdata[1] + 2) - 4). So in case only a WPA IE is present
in the assoc request, the WPA IE parser will try to validate the buffer
beyond the WPA IE and might fail, as the extra 2 bytes of buffer might
contain some garbage value.

Pass appropriate length to unpack WPA IE.

Change-Id: Ifad6fabf701a82abd4234569d108b4172adf2bcb
CRs-Fixed: 2217455
Abhinav Kumar 7 years ago
parent
commit
3ef787b1ec
1 changed file with 1 addition and 1 deletion
      core/mac/src/pe/lim/lim_sme_req_utils.c
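As an added illustration of the length arithmetic the commit message describes (this is example code, not qcacld-3.0 or dot11f code), the C program below locates a WPA vendor-specific IE in a buffer, derives the body length from the IE's own length byte, and unpacks the body strictly so that any trailing bytes make the unpack fail. The sample buffer is constructed here; WPA_VENDOR_EID is assumed to be the 0xDD value the driver names SIR_MAC_WPA_EID, and the struct and function names are this example's own.

```c
/* Added example (not qcacld-3.0 code). Layout of a WPA IE:
 *   EID (0xDD) | len | OUI 00:50:F2 | type 0x01 | body
 * The body starts at offset 6 and is len - 4 bytes long. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define WPA_VENDOR_EID 0xDD  /* assumed to match SIR_MAC_WPA_EID (221) */

struct wpa_info {
    uint16_t version;
    uint8_t group_suite[4];
    uint16_t n_pairwise;
    uint16_t n_akm;
    uint16_t caps;
};

/* Locate the WPA body inside a buffer that starts with the IE.
 * Returns 0 and sets *body/*body_len on success, -1 if malformed. */
static int wpa_ie_body(const uint8_t *buf, size_t buf_len,
                       const uint8_t **body, size_t *body_len)
{
    static const uint8_t wpa_oui_type[4] = { 0x00, 0x50, 0xF2, 0x01 };
    if (buf_len < 2 || buf[0] != WPA_VENDOR_EID)
        return -1;
    /* len must cover OUI+type and fit the buffer; testing len >= 4 first
     * is what prevents len - 4 from wrapping around. */
    if (buf[1] < 4 || (size_t)buf[1] + 2 > buf_len)
        return -1;
    if (memcmp(&buf[2], wpa_oui_type, 4) != 0)
        return -1;
    *body = &buf[6];
    *body_len = (size_t)buf[1] - 4;
    return 0;
}

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Strict unpack: every field must fit and nothing may be left over, so a
 * length that overshoots the IE into neighbouring bytes is rejected. */
static int wpa_unpack(const uint8_t *body, size_t len, struct wpa_info *out)
{
    size_t off = 0;
    memset(out, 0, sizeof(*out));
    if (len < off + 2) return -1;
    out->version = le16(body + off); off += 2;
    if (len < off + 4) return -1;
    memcpy(out->group_suite, body + off, 4); off += 4;
    if (len < off + 2) return -1;
    out->n_pairwise = le16(body + off); off += 2;
    if (len < off + (size_t)out->n_pairwise * 4) return -1;
    off += (size_t)out->n_pairwise * 4;
    if (len < off + 2) return -1;
    out->n_akm = le16(body + off); off += 2;
    if (len < off + (size_t)out->n_akm * 4) return -1;
    off += (size_t)out->n_akm * 4;
    if (len - off == 2) { out->caps = le16(body + off); off += 2; } /* optional */
    return off == len ? 0 : -1;   /* leftover bytes are garbage: fail */
}

/* Constructed sample: one WPA IE (len 0x18 = 24) followed by two bytes that
 * belong to whatever follows in the frame, standing in for the garbage the
 * commit message describes. */
static const uint8_t sample_buf[] = {
    0xDD, 0x18, 0x00, 0x50, 0xF2, 0x01,       /* EID, len, OUI, type */
    0x01, 0x00,                               /* version 1 */
    0x00, 0x50, 0xF2, 0x02,                   /* group cipher: TKIP */
    0x01, 0x00, 0x00, 0x50, 0xF2, 0x04,       /* 1 pairwise suite: CCMP */
    0x01, 0x00, 0x00, 0x50, 0xF2, 0x02,       /* 1 AKM suite: PSK */
    0x00, 0x00,                               /* capabilities */
    0xAB, 0xCD                                /* not part of the IE */
};

/* Body length taken from the IE header (len - 4): unpacks cleanly, returns 0. */
int unpack_with_header_length(void)
{
    const uint8_t *body; size_t body_len; struct wpa_info info;
    if (wpa_ie_body(sample_buf, sizeof sample_buf, &body, &body_len)) return -1;
    return wpa_unpack(body, body_len, &info);
}

/* Pre-fix arithmetic, (len + 2) - 4, overshoots by two bytes: returns -1. */
int unpack_with_overshoot_length(void)
{
    struct wpa_info info;
    size_t bad_len = (size_t)(sample_buf[1] + 2) - 4;
    return wpa_unpack(&sample_buf[6], bad_len, &info);
}

/* A vendor IE whose length byte is below 4 must be rejected (-1) rather than
 * have a wrapped-around body length computed for it. */
int reject_short_ie(void)
{
    static const uint8_t short_ie[] = { 0xDD, 0x02, 0x00, 0x50 };
    const uint8_t *body; size_t body_len;
    return wpa_ie_body(short_ie, sizeof short_ie, &body, &body_len);
}

int main(void)
{
    printf("header length:     %s\n", unpack_with_header_length() == 0 ? "ok" : "fail");
    printf("overshoot length:  %s\n", unpack_with_overshoot_length() == 0 ? "ok" : "fail");
    printf("short IE rejected: %s\n", reject_short_ie() == -1 ? "yes" : "no");
    return 0;
}
```

The two bytes past the IE are deliberately inside the sample array, so the overshoot case shows the parse failure without an actual out-of-bounds read; on a real frame the same arithmetic reads whatever follows the IE in the management frame.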

+ 1 - 1
core/mac/src/pe/lim/lim_sme_req_utils.c

@@ -297,7 +297,7 @@ lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message(tpAniSirGlobal mac_ctx,
 		   && (rsn_ie->rsnIEdata[0] == SIR_MAC_WPA_EID)) {
 		pe_debug("Only WPA IE is present");
 		ret = dot11f_unpack_ie_wpa(mac_ctx, &rsn_ie->rsnIEdata[6],
-					   (uint8_t) rsn_ie->length - 4,
+					   rsn_ie->rsnIEdata[1] - 4,
 					   &session->gStartBssWPAIe, false);
 		if (!DOT11F_SUCCEEDED(ret)) {
 			pe_err("unpack failed, ret: %d", ret);
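Review bot: the new `rsn_ie->rsnIEdata[1] - 4` on the `+` line has no guard against a length byte smaller than 4. `rsnIEdata[1]` is a byte promoted to `int`, so for a vendor IE of length 0 to 3 the expression is negative and, converted back to the unsigned length parameter of `dot11f_unpack_ie_wpa`, becomes a large count that lets the parser read past the IE; the `(uint8_t)` cast it replaces gave no protection either, since it applied to `rsn_ie->length` before the subtraction. The surrounding `if` only checks `rsnIEdata[0] == SIR_MAC_WPA_EID`, so add a bound before the call, e.g. `if (rsn_ie->rsnIEdata[1] < 4 || rsn_ie->rsnIEdata[1] + 2 > rsn_ie->length)` taking the existing error path, and document why the body starts at `rsnIEdata[6]` and is `- 4` long (2-byte IE header plus 4-byte OUI/type) since the hunk relies on that layout.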