
qcacmn: Validate vendor abort scan command

In wlan_vendor_abort_scan(), nla_parse() is invoked without specifying
a policy. This can result in a buffer overread when processing the
QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE attribute. To avoid this issue
introduce a "scan_policy" (replicated from qcacld-3.0) and use this
policy when invoking nla_parse().

Change-Id: Ia3e5cb7535bf0f700399e4a49c9c5da362a3ccf6
CRs-Fixed: 2059857
Jeff Johnson 7 years ago
parent
commit
f155c675e5
1 changed files with 8 additions and 1 deletions
  1. 8 1
      os_if/linux/scan/src/wlan_cfg80211_scan.c

+ 8 - 1
os_if/linux/scan/src/wlan_cfg80211_scan.c

@@ -38,6 +38,13 @@
 #include <wlan_policy_mgr_api.h>
 #endif
 
+static const
+struct nla_policy scan_policy[QCA_WLAN_VENDOR_ATTR_SCAN_MAX + 1] = {
+	[QCA_WLAN_VENDOR_ATTR_SCAN_FLAGS] = {.type = NLA_U32},
+	[QCA_WLAN_VENDOR_ATTR_SCAN_TX_NO_CCK_RATE] = {.type = NLA_FLAG},
+	[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE] = {.type = NLA_U64},
+};
+
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0))
 static uint32_t hdd_config_sched_scan_start_delay(
 		struct cfg80211_sched_scan_request *request)
@@ -1330,7 +1337,7 @@ int wlan_vendor_abort_scan(struct wlan_objmgr_pdev *pdev,
 
 	pdev_id = wlan_objmgr_pdev_get_pdev_id(pdev);
 	if (nla_parse(tb, QCA_WLAN_VENDOR_ATTR_SCAN_MAX, data,
-	    data_len, NULL)) {
+		      data_len, scan_policy)) {
 		cfg80211_err("Invalid ATTR");
 		return ret;
 	}
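Review bot: The policy stops the overread on the cookie attribute, but it does not make the attribute mandatory — nla_parse() succeeds when QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE is absent, so whatever reads the cookie after this hunk (the body of wlan_vendor_abort_scan continues outside it) still needs a presence check such as `if (!tb[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE]) { cfg80211_err("Missing scan cookie"); return ret; }` before calling nla_get_u64(). Attributes not listed in scan_policy (anything else in the QCA_WLAN_VENDOR_ATTR_SCAN_* range) default to NLA_UNSPEC with no minimum length, so this table only protects the three entries it names; if other nla_parse() callers in this file still pass NULL, they keep the same class of bug. A short comment on the table would make that scope clear, e.g. `/* Type/length policy for QCA_WLAN_VENDOR_ATTR_SCAN_*; attributes not listed are accepted unchecked (NLA_UNSPEC), so add an entry for every attribute that is read. */`.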