qcacmn: Possible Out of bound read in policy_mgr_get_channel_list

To prepare the channel list suggestion for a new connection,
policy_mgr_get_channel_list invokes policy_mgr_get_valid_chans to
get the number of valid channels. Driver uses returned num channel
and iterates channel list to divide the list into 2.4 & 5 GHz
lists. In case if, num of valid channel returned by
policy_mgr_get_valid_chans is greater than the maximum number of
channel supported in the channel list, QDF_MAX_NUM_CHAN(128),
possible OOB read occurs.

Validate the value of chan_index of channel list in
policy_mgr_get_channel_list against the maximum number of
channels supported in the channel list.

Change-Id: I6beb9231aaef491731557434d1ae210ac0bdb036
CRs-Fixed: 2346125

src/wlan_policy_mgr_core.c

@@ -1972,6 +1972,7 @@ QDF_STATUS policy_mgr_get_channel_list(struct wlan_objmgr_psoc *psoc,
 	}
 
 	while ((chan_index < num_channels) &&
+		(chan_index < QDF_MAX_NUM_CHAN) &&
 		(chan_index_5 < QDF_MAX_NUM_CHAN)) {
 		if ((true == skip_dfs_channel) &&
 		    wlan_reg_is_dfs_ch(pm_ctx->pdev,
@@ -3090,7 +3091,7 @@ void  policy_mgr_init_sap_mandatory_2g_chan(struct wlan_objmgr_psoc *psoc)
 	}
 	pm_ctx->sap_mandatory_channels_len = 0;
 
-	for (i = 0; i < len; i++) {
+	for (i = 0; (i < len) && (i < QDF_MAX_NUM_CHAN); i++) {
 		if (WLAN_REG_IS_24GHZ_CH(chan_list[i])) {
 			policy_mgr_debug("Add chan %hu to mandatory list",
 					chan_list[i]);