
qcacld-3.0: validate essid length before processing scan req

qcacld-2.0 to qcacld-3.0 propagation

Presently we are not validating the length of the essid received
and directly copying the buffer without size checking.

Perform bound checking before processing the scan req.

Change-Id: I786e4feb67bf039df3d217138a412da54f51787d
CRs-fixed: 890228
Rajeev Kumar Sirasanagandla 8 years ago
parent
commit
9cb32c0867
1 changed file with 5 additions and 1 deletion

+ 5 - 1
core/hdd/src/wlan_hdd_scan.c

@@ -783,7 +783,8 @@ static int __iw_set_scan(struct net_device *dev, struct iw_request_info *info,
 
 		if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
 
-			if (scanReq->essid_len) {
+			if (scanReq->essid_len &&
+			    (scanReq->essid_len <= SIR_MAC_MAX_SSID_LENGTH)) {
 				scanRequest.SSIDs.numOfSSIDs = 1;
 				scanRequest.SSIDs.SSIDList =
 					(tCsrSSIDInfo *)
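Review bot: The new upper bound in the `if` condition compares `scanReq->essid_len` against `SIR_MAC_MAX_SSID_LENGTH`, but nothing in the hunk ties that constant to the size of the buffer the essid is later copied into. If the destination is a fixed-size array, check against `sizeof()` of that field, or add a comment stating that the destination is sized to `SIR_MAC_MAX_SSID_LENGTH`, so the check cannot drift from the buffer it protects. The inner parentheses around the second comparison are redundant.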
@@ -800,6 +801,9 @@ static int __iw_set_scan(struct net_device *dev, struct iw_request_info *info,
 					hdd_err("Unable to allocate memory");
 					QDF_ASSERT(0);
 				}
+			} else {
+				hdd_err("Invalid essid length : %d",
+					scanReq->essid_len);
 			}
 		}
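Review bot: The added `else` branch only logs and then falls out of the `IW_SCAN_THIS_ESSID` block, so as far as this hunk shows a request with an over-long essid is not rejected and carries on without the SSID filter the caller asked for. Consider returning an error such as `-EINVAL` after the `hdd_err()` call. The branch also fires when `essid_len` is 0, a case that was silently skipped before this change, so a zero length is now reported as an error; if that case is legitimate, log only when the length exceeds the maximum.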