qcacmn: Fix OOB read in extract_ndp_ind_tlv()

In the call to QDF_TRACE_HEX_DUMP in extract_ndp_ind_tlv(),
the buffer event->ndp_cfg is dereferenced an additional time,
and hex_dump_to_buffer then reads the given length in bytes from it,
resulting in an OOB read.
As WMI logging is already enabled, remove the hex dump.

Change-Id: I1ebe2469a6bb2baefc76980405d97700c1c57b5c
CRs-Fixed: 2336856
Jianmin Zhu
2019-01-03 11:36:43 +08:00
committet von nshrivas
Ursprung 575539a9d8
Commit 60e9d43aae


@@ -1,6 +1,6 @@
/*
* Copyright (c) 2013-2018 The Linux Foundation. All rights reserved.
* Copyright (c) 2013-2019 The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
@@ -743,13 +743,9 @@ static QDF_STATUS extract_ndp_ind_tlv(wmi_unified_t wmi_handle,
rsp->peer_discovery_mac_addr.bytes);
WMI_LOGD("ndp_cfg - %d bytes", fixed_params->ndp_cfg_len);
QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_WMI, QDF_TRACE_LEVEL_DEBUG,
&event->ndp_cfg, fixed_params->ndp_cfg_len);
WMI_LOGD("ndp_app_info - %d bytes",
fixed_params->ndp_app_info_len);
QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_WMI, QDF_TRACE_LEVEL_DEBUG,
&event->ndp_app_info, fixed_params->ndp_app_info_len);
rsp->ndp_config.ndp_cfg_len = fixed_params->ndp_cfg_len;
rsp->ndp_info.ndp_app_info_len = fixed_params->ndp_app_info_len;
@@ -782,10 +778,6 @@ static QDF_STATUS extract_ndp_ind_tlv(wmi_unified_t wmi_handle,
WMI_LOGD(FL("IPv6 addr present: %d, addr: %pI6"),
rsp->is_ipv6_addr_present, rsp->ipv6_addr);
WMI_LOGD("scid hex dump:");
QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_WMI, QDF_TRACE_LEVEL_DEBUG,
rsp->scid.scid, rsp->scid.scid_len);
return QDF_STATUS_SUCCESS;
}
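Review bot: In the second hunk the firmware-reported `fixed_params->ndp_cfg_len` and `fixed_params->ndp_app_info_len` are still stored into `rsp` unchanged on the lines after the removed dumps, and nothing visible in the hunk bounds them against the size of the received TLV arrays or of the destination buffers. Removing the dumps takes away the read through `&event->ndp_cfg` (which looks like the address of the pointer field rather than the buffer itself), but any later copy driven by these lengths would carry the same exposure if they are unchecked. extract_ndp_ind_tlv() starts outside the hunks, so a check may already exist earlier; if it does not, the event should be rejected before the two assignments, for example by returning `QDF_STATUS_E_INVAL` when either length exceeds the size of its TLV array. The third hunk also appears to drop the scid dump, which passed `rsp->scid.scid` without the extra `&`, and the commit message would be clearer if it said why that one is removed as well.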