qcacld-3.0: Fix buffer overwrite problem in CCXBEACONREQ

This is a propagation from qcacld-2.0 to qcacld-3.0.

Set the number of IE fields to minimum of input data and
SIR_ESE_MAX_MEAS_IE_REQS

Change-Id: Ie53cfec7872ab69530bbb8932f9f9e85fb319f92
CRs-Fixed: 993561

core/hdd/src/wlan_hdd_ioctl.c

@@ -2642,7 +2642,7 @@ static int hdd_parse_ese_beacon_req(uint8_t *pValue,
 	if ('\0' == *inPtr)
 		return -EINVAL;
 
-	/* get the first argument ie measurement token */
+	/* Getting the first argument ie Number of IE fields */
 	v = sscanf(inPtr, "%31s ", buf);
 	if (1 != v)
 		return -EINVAL;
@@ -2651,10 +2651,10 @@ static int hdd_parse_ese_beacon_req(uint8_t *pValue,
 	if (v < 0)
 		return -EINVAL;
 
+	tempInt = QDF_MIN(tempInt, SIR_ESE_MAX_MEAS_IE_REQS);
 	pEseBcnReq->numBcnReqIe = tempInt;
 
-	hdd_info("Number of Bcn Req Ie fields(%d)",
-		  pEseBcnReq->numBcnReqIe);
+	hdd_info("Number of Bcn Req Ie fields: %d", pEseBcnReq->numBcnReqIe);
 
 	for (j = 0; j < (pEseBcnReq->numBcnReqIe); j++) {
 		for (i = 0; i < 4; i++) {