wcnss: fix the buffer overflow in MAC address store sysfs

#define WCNSS_USR_WLAN_MAC_ADDR   (WCNSS_USR_CTRL_MSG_START + 3)

#define MAC_ADDRESS_STR "%02x:%02x:%02x:%02x:%02x:%02x"

#define SHOW_MAC_ADDRESS_STR	"%02x:%02x:%02x:%02x:%02x:%02x\n"

#define WCNSS_USER_MAC_ADDR_LENGTH	18

/* message types */

#define WCNSS_CTRL_MSG_START	0x01000000

static ssize_t wcnss_wlan_macaddr_store(struct device *dev,

		struct device_attribute *attr, const char *buf, size_t count)

{

	char macAddr[WLAN_MAC_ADDR_SIZE];

	int index;

	int macAddr[WLAN_MAC_ADDR_SIZE];

	if (!penv)

		return -ENODEV;

	pr_debug("%s: Receive MAC Addr From user space: %s\n", __func__, buf);

	if (WCNSS_USER_MAC_ADDR_LENGTH != strlen(buf)) {

		dev_err(dev, "%s: Invalid MAC addr length\n", __func__);

		return -EINVAL;

	}

	if (WLAN_MAC_ADDR_SIZE != sscanf(buf, MAC_ADDRESS_STR,

		 (int *)&macAddr[0], (int *)&macAddr[1],

		 (int *)&macAddr[2], (int *)&macAddr[3],

		 (int *)&macAddr[4], (int *)&macAddr[5])) {

		&macAddr[0], &macAddr[1], &macAddr[2],

		&macAddr[3], &macAddr[4], &macAddr[5])) {

		pr_err("%s: Failed to Copy MAC\n", __func__);

		return -EINVAL;

	}

	memcpy(penv->wlan_nv_macAddr, macAddr, sizeof(penv->wlan_nv_macAddr));

	for (index = 0; index < WLAN_MAC_ADDR_SIZE; index++) {

		memcpy(&penv->wlan_nv_macAddr[index],

		       (char *)&macAddr[index], sizeof(char));

	}

	pr_info("%s: Write MAC Addr:" MAC_ADDRESS_STR "\n", __func__,

		penv->wlan_nv_macAddr[0], penv->wlan_nv_macAddr[1],

	if (!penv)

		return -ENODEV;

	return scnprintf(buf, PAGE_SIZE, MAC_ADDRESS_STR,

	return scnprintf(buf, PAGE_SIZE, SHOW_MAC_ADDRESS_STR,

		penv->wlan_nv_macAddr[0], penv->wlan_nv_macAddr[1],

		penv->wlan_nv_macAddr[2], penv->wlan_nv_macAddr[3],

		penv->wlan_nv_macAddr[4], penv->wlan_nv_macAddr[5]);