
qcacld-3.0: Fix possible OOB access in lim_process_assoc_req_frame

cfg_get_vendor_ie_ptr_from_oui is invoked in
lim_process_assoc_req_frame function with ie
pointer pointing to frame buffer plus assoc
req ie offset and ie len equal to frame buffer
len. This could result in OOB access since
offset is not subtracted from frame len.

Fix is to subtract the offset from frame len
as argument to cfg_get_vendor_ie_ptr_from_oui.

Change-Id: Ic107867bcf4d7813c544309a2aff165f2dc7155d
CRs-Fixed: 2255369
Yeshwanth Sriram Guntuka, 6 years ago
parent commit 9dea24ead3

+ 1 - 1
core/mac/src/pe/lim/lim_process_assoc_req_frame.c

@@ -1935,7 +1935,7 @@ void lim_process_assoc_req_frame(tpAniSirGlobal mac_ctx, uint8_t *rx_pkt_info,
 		if (!wlan_get_vendor_ie_ptr_from_oui(
 				&session->access_policy_vendor_ie[2],
 				3, frm_body + LIM_ASSOC_REQ_IE_OFFSET,
-				 frame_len)) {
+				 frame_len - LIM_ASSOC_REQ_IE_OFFSET)) {
 			pe_err("Vendor ie not present and access policy is %x, Rejected association",
 				session->access_policy);
 			lim_send_assoc_rsp_mgmt_frame(mac_ctx,
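Review bot: the new length argument `frame_len - LIM_ASSOC_REQ_IE_OFFSET` is only correct if `frame_len >= LIM_ASSOC_REQ_IE_OFFSET` has already been established before this call; nothing in the hunk shows that check, and if `frame_len` is an unsigned type the subtraction wraps to a very large value, which would hand `wlan_get_vendor_ie_ptr_from_oui` a length far beyond the buffer and reintroduce the out-of-bounds read this change is meant to remove (a signed type would instead yield a negative length). Please confirm the earlier frame-length validation in `lim_process_assoc_req_frame` covers the fixed-header size, or add an explicit guard ahead of this call, e.g. `if (frame_len < LIM_ASSOC_REQ_IE_OFFSET) { pe_err(...); return; }`, so the corrected remaining-length computation cannot underflow.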