net: wireless: bcmdhd: fix buffer overrun in private command path

buffer overrun case found when length parameter manipulated.

1. if input parameter buffer length is less than 4k,
then allocate 4k by default. It help to get enough margin
for output string overwritten.

2. added additional length check not to override user space
allocated buffer size.

Signed-off-by: Insun Song <insun.song@broadcom.com>
Bug: 29000183
Change-Id: I0c15d764c1648920f0214ec47ada689ca44ebfba
CVE-2016-8464
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>