qcacld-3.0: Check buff len alloc in __iw_set_packet_filter_params

In __iw_set_packet_filter_params(), a user controlled length value,
priv_data.length, is used to allocated a buffer. This buffer is then
cast to a struct pointer of struct pkt_filter_cfg type without ensuring
the buffer is large enough to hold the struct. This can lead to a buffer
overread if the user supplied size is smaller than the actual size of the
struct.

Add a sanity check on priv_data.length to ensure that the size is large
enough to hold the struct.

Change-Id: I227856484d4bd7a9b0a16a42e26febbc799f80b5
CRs-Fixed: 2228725

core/hdd/src/wlan_hdd_wext.c

@@ -8245,7 +8245,8 @@ static int __iw_set_packet_filter_params(struct net_device *dev,
 		return -EINVAL;
 	}
 
-	if ((NULL == priv_data.pointer) || (0 == priv_data.length)) {
+	if ((NULL == priv_data.pointer) || (0 == priv_data.length) ||
+	   priv_data.length < sizeof(struct pkt_filter_cfg)) {
 		hdd_err("invalid priv data %pK or invalid priv data length %d",
 			priv_data.pointer, priv_data.length);
 		return -EINVAL;