
qcacmn: Fix possible OOB in send_roam_scan_offload_mode_cmd_tlv

In send_roam_scan_offload_mode_cmd_tlv, psk_msk from incoming
roam request buffer is copied to destination roam_offload_11i->pmk.
The psk_msk is of size 48 bytes, while destination pmk is of 32
bytes. This could result in OOB.

Copy only 32 bytes for 11i pmk as 802.1x doesn't have PMK size
greater than 32. In future, if Suite-B roaming support is
required, interface changes are needed to add a new parameter to
copy the remaining 16 bytes.

Change-Id: I303fc15fc0f0169a049d0542674bd7add3cbb1a1
CRs-Fixed: 2470353
Pragaspathi Thilagaraj 5 years ago
Parent
Current commit
e42985f86e
1 changed file with 1 insertion and 1 deletion

+ 1 - 1
wmi/src/wmi_unified_roam_tlv.c

@@ -1345,7 +1345,7 @@ send_roam_scan_offload_mode_cmd_tlv(wmi_unified_t wmi_handle,
 
 				qdf_mem_copy(roam_offload_11i->pmk,
 					     roam_req->psk_pmk,
-					     sizeof(roam_req->psk_pmk));
+					     sizeof(roam_offload_11i->pmk));
 				roam_offload_11i->pmk_len = roam_req->pmk_len;
 				WMITLV_SET_HDR(&roam_offload_11i->tlv_header,
 				WMITLV_TAG_STRUC_wmi_roam_11i_offload_tlv_param,
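
Review bot: The line right after the copy still sets `roam_offload_11i->pmk_len = roam_req->pmk_len;` without bounding it, so the length reported alongside the key can exceed the number of bytes now copied into `roam_offload_11i->pmk`. If the request carries a 48-byte key, as the commit message allows for the source buffer, the consumer of this TLV is told a length larger than the destination array and may read past it. Consider clamping `pmk_len` to `sizeof(roam_offload_11i->pmk)` (or rejecting the request when it is larger) in the same change. It would also be tighter to copy only the smaller of `roam_req->pmk_len` and the destination size rather than always the full destination size, so stale bytes from `psk_pmk` beyond the valid key length are not sent. A short comment noting why the destination size is used here would help the next reader.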