qcacmn: Fix OOB issue for bwnss oui

If is_bwnss_oui return true in util_scan_parse_vendor_ie,
and it will run into below logical:
scan_params->ie_list.bwnss_map = (((uint8_t *)ie) + 8)
But in fact if ie->ie_len < 6, it will casue read out
of boundary issue. So add the length chekcing before
reading it

Change-Id: I0cdf723154eb808f8062efd897f9d67d54d4573b
CRs-Fixed: 2838849

umac/scan/dispatcher/src/wlan_scan_utils_api.c

@@ -866,7 +866,8 @@ util_scan_parse_vendor_ie(struct scan_cache_entry *scan_params,
 		 * Bandwidth-NSS map has sub-type & version.
 		 * hence copy data just after version byte
 		 */
-		scan_params->ie_list.bwnss_map = (((uint8_t *)ie) + 8);
+		if (ie->ie_len > WLAN_BWNSS_MAP_OFFSET)
+			scan_params->ie_list.bwnss_map = (((uint8_t *)ie) + 8);
 	} else if (is_mbo_oce_oui((uint8_t *)ie)) {
 		scan_params->ie_list.mbo_oce = (uint8_t *)ie;
 	} else if (is_extender_oui((uint8_t *)ie)) {