qcacld-3.0: Add check for validity of COUNTRY driver cmd

When the driver command COUNTRY is issued from the userspace, the
command and the parameter is copied from the user in hdd_driver_command()
where it is then processed by hdd_drv_cmd_process() and then passed on
to the handler, in this case, drv_cmd_country(). The command parameter
passed is then parsed for the country code appended after the string
"COUNTRY". In the case the command is passed without any country code,
there may occur an out of bounds index access in the function
drv_cmd_country(). The parsed parameters in this function are accessed
without any validity check.

Add a validity check to verify that the command is passed with country
code parameters to prevent access of out of bound index.

Change-Id: I03c372796ed7cd62e54a0acdf237069be076ee2c
CRs-Fixed: 2242617

core/hdd/src/wlan_hdd_ioctl.c

@@ -3037,7 +3037,29 @@ static inline int drv_cmd_country(struct hdd_adapter *adapter,
 				  uint8_t command_len,
 				  struct hdd_priv_data *priv_data)
 {
-	return hdd_reg_set_country(hdd_ctx, command + command_len + 1);
+	char *country_code;
+
+	country_code = strnchr(command, strlen(command), ' ');
+	/* no argument after the command */
+	if (!country_code)
+		return -EINVAL;
+
+	/* no space after the command */
+	if (*country_code != SPACE_ASCII_VALUE)
+		return -EINVAL;
+
+	country_code++;
+
+	/* removing empty spaces */
+	while ((*country_code == SPACE_ASCII_VALUE) &&
+	       (*country_code != '\0'))
+		country_code++;
+
+	/* no or less than 2  arguments followed by spaces */
+	if (*country_code == '\0' || *(country_code + 1) == '\0')
+		return -EINVAL;
+
+	return hdd_reg_set_country(hdd_ctx, country_code);
 }
 
 static int drv_cmd_set_roam_trigger(struct hdd_adapter *adapter,