qcacmn: Fix possible buffer overflow in wma_encrypt_decrypt_msg_handler

Data len received in encrypt decrypt data response
is not validated against the max allowed size which
can result in buffer overflow.

Fix is to validate data len against max allowed size.

Change-Id: I69bd8e63014220e5a2f291e4a0b1914d10c79fd7
CRs-Fixed: 2226375

wmi/src/wmi_unified_tlv.c

@@ -5886,7 +5886,9 @@ QDF_STATUS extract_encrypt_decrypt_resp_event_tlv(wmi_unified_t wmi_handle,
 	resp->vdev_id = data_event->vdev_id;
 	resp->status = data_event->status;
 
-	if (data_event->data_length > param_buf->num_enc80211_frame) {
+	if ((data_event->data_length > param_buf->num_enc80211_frame) ||
+	    (data_event->data_length > WMI_SVC_MSG_MAX_SIZE - WMI_TLV_HDR_SIZE -
+	     sizeof(*data_event))) {
 		WMI_LOGE("FW msg data_len %d more than TLV hdr %d",
 			 data_event->data_length,
 			 param_buf->num_enc80211_frame);