qcacld-3.0: Fix incorrect processing of encrypted auth frame

Fix incorrect processing of encrypted auth frame by allocating
appropriate local buffer and using correct type for frame length.

Change-Id: I87d6f4c3c43dd332d5b1877ddf4b3b46a717468b
CRs-Fixed: 2081734

core/mac/src/pe/lim/lim_process_auth_frame.c

@@ -1042,7 +1042,7 @@ lim_process_auth_frame(tpAniSirGlobal mac_ctx, uint8_t *rx_pkt_info,
 {
 	uint8_t *body_ptr, key_id, cfg_privacy_opt_imp;
 	uint8_t defaultkey[SIR_MAC_KEY_LENGTH];
-	uint8_t plainbody[256];
+	uint8_t plainbody[LIM_ENCR_AUTH_BODY_LEN];
 	uint8_t decrypt_result;
 	uint16_t frame_len, curr_seq_num = 0;
 	uint32_t val, key_length = 8;

core/mac/src/pe/lim/lim_security_utils.c

@@ -645,7 +645,7 @@ lim_rc4(uint8_t *pDest, uint8_t *pSrc, uint8_t *seed, uint32_t keyLength,
 	{
 		uint8_t i = ctx.i;
 		uint8_t j = ctx.j;
-		uint8_t len = (uint8_t) frameLen;
+		uint16_t len = frameLen;
 
 		while (len-- > 0) {
 			uint8_t temp1, temp2;
@@ -717,7 +717,7 @@ lim_decrypt_auth_frame(tpAniSirGlobal pMac, uint8_t *pKey, uint8_t *pEncrBody,
 	/* Compute CRC-32 and place them in last 4 bytes of encrypted body */
 	lim_compute_crc32(icv,
 			  (uint8_t *) pPlainBody,
-			  (uint8_t) (frameLen - SIR_MAC_WEP_ICV_LENGTH));
+			  (frameLen - SIR_MAC_WEP_ICV_LENGTH));
 
 	/* Compare RX_ICV with computed ICV */
 	for (i = 0; i < SIR_MAC_WEP_ICV_LENGTH; i++) {