qcacld-3.0: Fix uninitialized buffer use in wma_mgmt_rx_process

In the function wma_mgmt_rx_process, wbuf is the allocated skb
which houses the incoming management frame. An extra 100 bytes
buffer is allocated in wbuf->data to avoid OOB access when
additional headers are present in addition to ieee80211_frame.
This additional buffer is uninitialized and can cause potential
OOB for the management frames of length
sizeof(struct ieee80211_frame) and have no IE or any data.

Initialize the allocated extra bytes so that OOB is prevented.

Change-Id: I44047b0c6f3a731c741c5e0217f3bd0cdd8ed4dc
CRs-Fixed: 2249815

core/wma/src/wma_mgmt.c

@@ -4112,6 +4112,10 @@ static int wma_mgmt_rx_process(void *handle, uint8_t *data,
 	qdf_nbuf_put_tail(wbuf, mgmt_rx_params->buf_len);
 	qdf_nbuf_set_protocol(wbuf, ETH_P_CONTROL);
 
+	qdf_mem_zero(((uint8_t *)qdf_nbuf_data(wbuf) + mgmt_rx_params->buf_len),
+		     (roundup(mgmt_rx_params->buf_len + RESERVE_BYTES, 4) -
+		     mgmt_rx_params->buf_len));
+
 	wma_mem_endianness_based_copy(qdf_nbuf_data(wbuf),
 			bufp, mgmt_rx_params->buf_len);