
qcacld-3.0: Validate Country IE length before copying country code

While starting SAP, after extracting the pointer to the country IE, the
country code is copied without proper IE length validation. A smaller
than acceptable IE length can cause out-of-bounds memory access.

Validate the length against the minimum acceptable length before copying.

Change-Id: Ie2115bdbd22badd51ea40d028331ef1a74b02281
CRs-Fixed: 2150285
Nachiket Kukade 7 years ago
parent commit e24c4925aa
1 changed file with 6 additions and 0 deletions:
    core/hdd/src/wlan_hdd_hostapd.c (+6 -0)
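The failure mode the commit message describes (trusting an IE's length byte before copying out of it) is easiest to see next to a parser that checks it. The following is an added example written for this page, not qcacld-3.0 or Linux code: a bounds-checked IE walker plus the minimum-length check this commit adds, run over three constructed beacon tails (valid Country IE, truncated Country IE, Country IE whose length byte overruns the buffer). The names find_ie, extract_country_code and classify, and the COUNTRY_IE_MIN_LEN constant, are this example's own; the constant is given the value 6 that Linux's ieee80211.h uses for IEEE80211_COUNTRY_IE_MIN_LEN (3-byte country string plus one 3-byte triplet).

```c
/* Added example, not project code: bounds-checked lookup and validation
 * of an 802.11 Country IE in a beacon tail. Illustrative names only. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WLAN_EID_COUNTRY 7
/* Assumed to match IEEE80211_COUNTRY_IE_MIN_LEN (6) from Linux ieee80211.h:
 * 3-byte country string + at least one 3-byte subband triplet. */
#define COUNTRY_IE_MIN_LEN 6

/* Walk the TLV list in buf[0..len). Return a pointer to the first IE with
 * the requested EID, but only if its 2-byte header and its declared body
 * both lie inside the buffer; a length byte that overruns the buffer
 * aborts the walk instead of being trusted. */
static const uint8_t *find_ie(uint8_t eid, const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off + 2 <= len) {
        uint8_t id = buf[off];
        uint8_t ie_len = buf[off + 1];
        if (ie_len > len - off - 2)
            return NULL;            /* declared length overruns the buffer */
        if (id == eid)
            return buf + off;
        off += 2 + ie_len;
    }
    return NULL;
}

/* Copy the 3-byte country string into out (NUL-terminated).
 * Returns 0 on success, -1 if no usable Country IE is present,
 * -2 if the IE is shorter than the minimum the spec allows. */
static int extract_country_code(const uint8_t *tail, size_t tail_len, char out[4])
{
    const uint8_t *ie = find_ie(WLAN_EID_COUNTRY, tail, tail_len);
    if (!ie)
        return -1;
    if (ie[1] < COUNTRY_IE_MIN_LEN)
        return -2;                  /* the check this commit adds */
    memcpy(out, &ie[2], 3);         /* now known to be inside the IE and buffer */
    out[3] = '\0';
    return 0;
}

/* Constructed sample beacon tails (hand-built, not captured traffic).
 * Each starts with an SSID IE (EID 0) where relevant, then a Country IE. */
static const uint8_t tail_ok[]      = { 0, 4, 't', 'e', 's', 't',
                                        7, 6, 'U', 'S', ' ', 1, 11, 20 };
static const uint8_t tail_short[]   = { 0, 4, 't', 'e', 's', 't',
                                        7, 1, 'U' };          /* len 1 < 6 */
static const uint8_t tail_overrun[] = { 7, 20, 'U', 'S' };    /* len 20 > 2 left */

/* Convenience wrapper: classify a tail by the code extract_country_code returns. */
static int classify(const uint8_t *tail, size_t len)
{
    char cc[4];
    return extract_country_code(tail, len, cc);
}

int main(void)
{
    char cc[4];
    int rc = extract_country_code(tail_ok, sizeof tail_ok, cc);
    printf("valid tail: rc=%d country=\"%s\"\n", rc, rc == 0 ? cc : "");
    printf("truncated Country IE: rc=%d\n", classify(tail_short, sizeof tail_short));
    printf("overrunning Country IE: rc=%d\n", classify(tail_overrun, sizeof tail_overrun));
    return 0;
}
```

The walker's overrun check is the part the hunk does not show: the minimum-length test guarantees the 3-byte copy stays inside the IE's declared body, but only a check against the remaining tail length guarantees that body is inside the buffer.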

+ 6 - 0
core/hdd/src/wlan_hdd_hostapd.c

@@ -7609,6 +7609,12 @@ int wlan_hdd_cfg80211_start_bss(struct hdd_adapter *adapter,
 		pIe = wlan_get_ie_ptr_from_eid(WLAN_EID_COUNTRY,
 					pBeacon->tail, pBeacon->tail_len);
 		if (pIe) {
+			if (pIe[1] < IEEE80211_COUNTRY_IE_MIN_LEN) {
+				hdd_err("Invalid Country IE len: %d", pIe[1]);
+				ret = -EINVAL;
+				goto error;
+			}
+
 			pConfig->ieee80211d = 1;
 			qdf_mem_copy(pConfig->countryCode, &pIe[2], 3);
 			status = ucfg_reg_set_country(hdd_ctx->hdd_pdev,
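Review bot: the new guard compares pIe[1] only against IEEE80211_COUNTRY_IE_MIN_LEN, not against the space left in the tail, and nothing in this hunk shows that wlan_get_ie_ptr_from_eid() verifies the IE body fits within pBeacon->tail + pBeacon->tail_len. If that helper only matches the EID, a Country IE at the end of the tail whose length byte passes the minimum check still lets the 3-byte qdf_mem_copy() from &pIe[2] (and any later subband parsing) read past the buffer. Consider adding an explicit fit check next to the new one, e.g. `if (pIe + 2 + pIe[1] > pBeacon->tail + pBeacon->tail_len) { hdd_err(...); ret = -EINVAL; goto error; }`, or note in the commit message that the helper already enforces this. Also worth a comment: the value of IEEE80211_COUNTRY_IE_MIN_LEN is not visible here, and the check is only sufficient for the fixed 3-byte copy if that constant is at least 3.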