
qcacmn: Fix potential OOB read in util_scan_parse_mbssid()

If the length of the MBSSID IE is 0, then there is a potential
OOB read in util_scan_parse_mbssid(), when the Max BSSID indicator
field is accessed.

To fix this, do not proceed with MBSSID parsing if the length
of the MBSSID IE is zero.

Change-Id: I2c7a7641b77fed20a910cb77035588a7540caa62
CRs-Fixed: 3717567
Surya Prakash Sivaraj, 1 year ago
parent commit 87778b39c8
1 changed file with 9 additions and 0 deletions

+ 9 - 0
umac/scan/dispatcher/src/wlan_scan_utils_api.c

@@ -3424,6 +3424,15 @@ static QDF_STATUS util_scan_parse_mbssid(struct wlan_objmgr_pdev *pdev,
 		if (!mbssid_elem)
 			break;
 
+		/*
+		 * The max_bssid_indicator field is mandatory, therefore the
+		 * length of the MBSSID element should atleast be 1.
+		 */
+		if (!mbssid_elem[TAG_LEN_POS]) {
+			scm_debug_rl("MBSSID IE is of length zero");
+			break;
+		}
+
 		mbssid_info.profile_count =
 			(1 << mbssid_elem[MBSSID_INDICATOR_POS]);