
qcacld-3.0: Fix out-of-bounds access in lim_process_assoc_req_frame

Currently the function lim_process_assoc_req_frame uses frame_len
without validation to parse the IE buffer which could lead to
out-of-bounds memory access if the frame_len is less than or
equal to LIM_ASSOC_REQ_IE_OFFSET(4).

Add a check to validate the frame_len with LIM_ASSOC_REQ_IE_OFFSET
before sending (frame_len - LIM_ASSOC_REQ_IE_OFFSET) to
cfg_get_vendor_ie_ptr_from_oui to parse only the IE buffer.

Change-Id: Iaa9e8db4a2605169c9ad3904878a2e626eb6de8b
CRs-Fixed: 2259707
Abhinav Kumar, 6 years ago
Commit
db3c6f57e3
1 file changed, 5 additions, 0 deletions

+ 5 - 0
core/mac/src/pe/lim/lim_process_assoc_req_frame.c

@@ -1932,6 +1932,11 @@ void lim_process_assoc_req_frame(tpAniSirGlobal mac_ctx, uint8_t *rx_pkt_info,
 	if ((session->access_policy_vendor_ie) &&
 		(session->access_policy ==
 		LIM_ACCESS_POLICY_RESPOND_IF_IE_IS_PRESENT)) {
+		if (frame_len <= LIM_ASSOC_REQ_IE_OFFSET) {
+			pe_debug("Received action frame of invalid len %d",
+				 frame_len);
+			return;
+		}
 		if (!wlan_get_vendor_ie_ptr_from_oui(
 				&session->access_policy_vendor_ie[2],
 				3, frm_body + LIM_ASSOC_REQ_IE_OFFSET,
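Review bot: the debug message in the new check is misleading: this hunk is inside lim_process_assoc_req_frame handling an association request, yet the added line logs "Received action frame of invalid len %d". Someone grepping the log for the dropped frame will look in the wrong handler; suggest "Received assoc req frame of invalid len %d" (or "assoc/reassoc req" if this path also serves reassociation) so the message names the frame type actually being rejected. Separately, note that the bound check is placed only inside the access_policy_vendor_ie branch, so it guards just the wlan_get_vendor_ie_ptr_from_oui call that receives frm_body + LIM_ASSOC_REQ_IE_OFFSET and (frame_len - LIM_ASSOC_REQ_IE_OFFSET); that matches the commit message, but it is worth confirming in review that no other consumer of frm_body in this function assumes frame_len > LIM_ASSOC_REQ_IE_OFFSET before this point, since the hunk does not show one.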