qcacld-3.0: Sanitize fils_erp_rrk_len before doing memcpy

Currently, the hdd_update_connect_params_fils_info() function blindly
trusts the size and copies into the fils_info->r_rk buffer, putting it
at risk of buffer overflow. Add a check to make sure the buffer passed
in to be copied to fils_info->r_rk is of the proper length.

Change-Id: I9ad2405ca1acd83591bea2aa43406909ad1c58e4
CRs-Fixed: 2580776

core/hdd/src/wlan_hdd_cfg80211.c

@@ -23316,6 +23316,11 @@ hdd_update_connect_params_fils_info(struct hdd_adapter *adapter,
 		fils_info->sequence_number = req->fils_erp_next_seq_num + 1;
 		fils_info->r_rk_length = req->fils_erp_rrk_len;
 
+		if (fils_info->r_rk_length > FILS_MAX_RRK_LENGTH) {
+			hdd_err("r_rk_length is invalid");
+			return -EINVAL;
+		}
+
 		if (req->fils_erp_rrk_len && req->fils_erp_rrk)
 			qdf_mem_copy(fils_info->r_rk, req->fils_erp_rrk,
 						fils_info->r_rk_length);