
qcacmn: Fix interop VHT vendor IE parse error

Currently, when parsing the interop VHT vendor IE, the parser performs an
out-of-bounds (OOB) read when only the VHT cap sub-IE is present.

Try to read VHT op IE only when it is present.

Change-Id: Id1919a0ed1df56ecef54d6cb663c10cbcae5065f
CRs-Fixed: 2453071
Min Liu před 5 roky
rodič
revize
b218312e75
1 změnil soubory, kde provedl 14 přidání a 12 odebrání
  1. 14 12
      umac/scan/dispatcher/src/wlan_scan_utils_api.c

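--- a/umac/scan/dispatcher/src/wlan_scan_utils_api.c
+++ b/umac/scan/dispatcher/src/wlan_scan_utils_api.c
@@ -434,7 +434,7 @@ util_scan_parse_vendor_ie(struct scan_cache_entry *scan_params,
 			  ie)->hi_ie);
 		}
 	} else if (is_interop_vht((uint8_t *)ie) &&
-	    !(scan_params->ie_list.vhtop)) {
+	    !(scan_params->ie_list.vhtcap)) {
 		uint8_t *vendor_ie = (uint8_t *)(ie);
 
 		if (ie->ie_len < ((WLAN_VENDOR_VHTCAP_IE_OFFSET +
@@ -450,17 +450,19 @@ util_scan_parse_vendor_ie(struct scan_cache_entry *scan_params,
 						WLAN_VENDOR_VHTCAP_IE_OFFSET);
 		if (ie->ie_len > ((WLAN_VENDOR_VHTCAP_IE_OFFSET +
 				 sizeof(struct wlan_ie_vhtcaps)) -
-				 sizeof(struct ie_header)) &&
-		    ie->ie_len < ((WLAN_VENDOR_VHTOP_IE_OFFSET +
-				  sizeof(struct wlan_ie_vhtop)) -
-				  sizeof(struct ie_header)))
-			return QDF_STATUS_E_INVAL;
-		vendor_ie = ((uint8_t *)(ie)) + WLAN_VENDOR_VHTOP_IE_OFFSET;
-		if (vendor_ie[1] != (sizeof(struct wlan_ie_vhtop) -
-				     sizeof(struct ie_header)))
-			return QDF_STATUS_E_INVAL;
-		scan_params->ie_list.vhtop = (((uint8_t *)(ie)) +
-						WLAN_VENDOR_VHTOP_IE_OFFSET);
+				 sizeof(struct ie_header))) {
+			if (ie->ie_len < ((WLAN_VENDOR_VHTOP_IE_OFFSET +
+					  sizeof(struct wlan_ie_vhtop)) -
+					  sizeof(struct ie_header)))
+				return QDF_STATUS_E_INVAL;
+			vendor_ie = ((uint8_t *)(ie)) +
+				    WLAN_VENDOR_VHTOP_IE_OFFSET;
+			if (vendor_ie[1] != (sizeof(struct wlan_ie_vhtop) -
+					     sizeof(struct ie_header)))
+				return QDF_STATUS_E_INVAL;
+			scan_params->ie_list.vhtop = (((uint8_t *)(ie)) +
+						   WLAN_VENDOR_VHTOP_IE_OFFSET);
+		}
 	} else if (is_bwnss_oui((uint8_t *)ie)) {
 		/*
 		 * Bandwidth-NSS map has sub-type & version.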
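Review bot: The new inner block still returns `QDF_STATUS_E_INVAL` when `ie_len` lies strictly between the VHT cap size and the VHT op size, so a vendor IE that merely carries a few trailing bytes after VHT cap fails the whole entry parse even though the commit treats VHT op as optional; if that leniency is intended, the inner length check could skip the vhtop assignment instead of returning. Only the length byte of the sub-element is validated at `vendor_ie[1]`; `vendor_ie[0]` is never compared with the VHT operation element ID, so any sub-element of the right length at that offset is recorded as vhtop — worth mirroring whatever ID check the VHT cap path (lines 441–449, outside this hunk) performs, if any. The bounds arithmetic itself looks right: requiring `ie_len >= WLAN_VENDOR_VHTOP_IE_OFFSET + sizeof(struct wlan_ie_vhtop) - sizeof(struct ie_header)` keeps both the sub-element header and body inside the IE before `vendor_ie[1]` is read. A one-line comment such as `/* VHT op sub-element is optional: parse it only if bytes remain after VHT cap */` above the outer `if` would document the new structure. util_scan_parse_vendor_ie starts and ends outside this hunk.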