
qcacld-3.0: Fix OOB write in lim_populate_peer_rate_set

To populate peer rates (Supported rates, HT & VHT Capabilities)
lim_populate_peer_rate_set first copies values of
psessionEntry->rateSet.rate in a local buffer tempRateSet for
sorting of rates. Currently while copying, index for
psessionEntry->rateSet.rate buffer varies from 0 to max rate
allowed SIR_MAC_RATESET_EID_MAX(12). This results in access of 13th
index(OOB) of psessionEntry->rateSet.rate buffer.

The fix is to set proper upper bound to copy values of
psessionEntry->rateSet.rate into a local buffer tempRateSet.

Change-Id: I75d5f5b5e7d44665101dae6e095b4adadc1781fb
CRs-Fixed: 2268610
Abhinav Kumar, 6 years ago
parent
commit
ccd1bed788
1 changed file with 1 addition and 1 deletion

+ 1 - 1
core/mac/src/pe/lim/lim_assoc_utils.c

@@ -1691,7 +1691,7 @@ lim_populate_peer_rate_set(tpAniSirGlobal pMac,
 		}
 	} else
 		tempRateSet2.numRates = 0;
-	if ((tempRateSet.numRates + tempRateSet2.numRates) >
+	if ((tempRateSet.numRates + tempRateSet2.numRates) >=
 	    SIR_MAC_RATESET_EID_MAX) {
 		pe_err("more than 12 rates in CFG");
 		return QDF_STATUS_E_FAILURE;
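Review bot: the pe_err string "more than 12 rates in CFG" no longer matches the condition, because with `>=` a combined count of exactly SIR_MAC_RATESET_EID_MAX (12 per the commit message) is now rejected as well. Either update the message to say "12 or more rates" or confirm that exactly 12 rates is really invalid: the commit message locates the out-of-bounds access in the copy loop index running from 0 to 12, but this hunk tightens the pre-check instead of that loop bound, so a configuration that fills the rate set completely will now fail with QDF_STATUS_E_FAILURE. If 12 entries do fit in psessionEntry->rateSet.rate, the safer fix is to leave this check at `>` and bound the copy loop itself; if they do not, a short comment here explaining why the limit is exclusive would keep the next reader from reverting it. Logging the two numRates values in the error would also help when diagnosing rejected configurations.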