qcacld-3.0: Add a NULL check on channels in IOCTL SETROAMSCANCHANNELS

User sends driver a list of roaming scan channels to set through IOCTL
SETROAMSCANCHANNELS. The parameters include the number of elements in
the array, followed by channel array and then a NULL character. But
when driver loops through the channel array it doesn't have a NULL
check. An erroneous number of elements passed by user may cause buffer
overread.

Add a NULL check on channels passed in IOCTL SETROAMSCANCHANNELS.

Change-Id: I7342aa5cf8e5267b7ed06a4e35b1ed882fb97893
CRs-Fixed: 2227039

core/hdd/src/wlan_hdd_ioctl.c

@@ -1523,6 +1523,13 @@ hdd_parse_set_roam_scan_channels_v2(struct hdd_adapter *adapter,
 
 	for (i = 0; i < num_chan; i++) {
 		channel = *value++;
+		if (!channel) {
+			hdd_err("Channels end at index %d, expected %d",
+				i, num_chan);
+			ret = -EINVAL;
+			goto exit;
+		}
+
 		if (channel > WNI_CFG_CURRENT_CHANNEL_STAMAX) {
 			hdd_err("index %d invalid channel %d",
 				  i, channel);