qcacld-2.0: Avoid buffer overflow when handle 11w rmf

If 11w is enabled, mmie should be included in broadcast
multicast rmf, length check need consider it to avoid buffer
overflow.
CRs-Fixed: 2319068
Change-Id: I6c2ebe18fb5b6e4246ba6d28c1dbc55175279e30

drivers/net/wireless/qcacld-2.0/CORE/CLD_TXRX/TLSHIM/tl_shim.c

@@ -758,7 +758,12 @@ static int tlshim_mgmt_rx_process(void *context, u_int8_t *data,
 					 IEEE80211_IS_MULTICAST(wh->i_addr1))
 				{
 					efrm = adf_nbuf_data(wbuf) + adf_nbuf_len(wbuf);
-
+					/* Check if frame is invalid length */
+					if (efrm - (uint8_t *)wh <
+					    sizeof(*wh) + vos_get_mmie_size()) {
+						TLSHIM_LOGE("Invalid frame length");
+						return 0;
+					}
 					key_id = (u_int16_t)*(efrm - vos_get_mmie_size() + 2);
 					if (!((key_id == WMA_IGTK_KEY_INDEX_4) ||
 						(key_id == WMA_IGTK_KEY_INDEX_5))) {