
qcacld-3.0: Fix the frame check in cm_handle_roam_reason_deauth

In cm_handle_roam_reason_deauth() API the deauth_disassoc_frame
is validated to avoid NULL pointer dereference and the roam
event is dropped if the frame is NULL. But the firmware can
send the event only with reason code and without including the
deauthentication/disassociation frame. So disconnect indication
event is not sent to framework upon receiving disassoc/deauth.

Remove the frame check to validate the deauth/disassoc frame.
Update the logic in pe_disconnect_callback to check the deauth/
disassoc frame pointer if length is non-zero.

Change-Id: Ibc612e89d6edbbd40d7c79713197e4121cddc097
CRs-Fixed: 3313804
Pragaspathi Thilagaraj 2 years ago
Parent
commit
fea5b025f4
2 files changed, with 6 additions and 7 deletions
  1. core/mac/src/pe/lim/lim_api.c (+6 -2)
  2. core/wma/src/wma_scan_roam.c (+0 -5)

+ 6 - 2
core/mac/src/pe/lim/lim_api.c

@@ -2442,9 +2442,13 @@ pe_disconnect_callback(struct mac_context *mac, uint8_t vdev_id,
 	if (!lim_is_sb_disconnect_allowed(session))
 		return QDF_STATUS_SUCCESS;
 
-	if (!(deauth_disassoc_frame ||
-	      deauth_disassoc_frame_len > SIR_MAC_MIN_IE_LEN))
+	if (!deauth_disassoc_frame ||
+	    deauth_disassoc_frame_len <
+	    (sizeof(struct wlan_frame_hdr) + sizeof(reason_code))) {
+		pe_err_rl("Discard invalid disconnect evt. frame len:%d",
+			  deauth_disassoc_frame_len);
 		goto end;
+	}
 
 	/*
 	 * Use vdev pmf status instead of peer pmf capability as
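
Review bot: the new condition in pe_disconnect_callback() takes `goto end` whenever `deauth_disassoc_frame` is NULL, whatever the length, but the commit message says the pointer should only be checked "if length is non-zero" and that firmware may legitimately send the event with a reason code and no frame. As written, that frame-less event is logged through pe_err_rl() as "Discard invalid disconnect evt" and skips everything before `end`. If the disconnect indication is raised before that label, the original problem remains, and in any case normal firmware behaviour is now reported as an error. Consider separating the two cases: treat `deauth_disassoc_frame_len == 0` as the valid reason-code-only path without an error log, and reject only a non-zero length that is paired with a NULL pointer or is shorter than `sizeof(struct wlan_frame_hdr) + sizeof(reason_code)`. Two smaller points on the same lines: the minimum length depends on the declared type of `reason_code`, which is not visible in this hunk, and the reason code field in a deauth/disassoc frame is 2 octets, so a wider local type would reject valid frames. The `%d` format should also match the type of `deauth_disassoc_frame_len`.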

+ 0 - 5
core/wma/src/wma_scan_roam.c

@@ -2766,11 +2766,6 @@ void cm_handle_roam_reason_deauth(uint8_t vdev_id, uint32_t notif_params,
 				  uint8_t *deauth_disassoc_frame,
 				  uint32_t frame_len)
 {
-	if (!deauth_disassoc_frame) {
-		wma_debug("deauth_disassoc_frame is NULL");
-		return;
-	}
-
 	wma_handle_roam_reason_deauth(vdev_id, notif_params, frame_len,
 				      deauth_disassoc_frame);
 }