umb: avoid buffer overflow in umb_getinfobuf()

Description

umb: avoid buffer overflow in umb_getinfobuf()

umb_getinfobuf() is called with offs and size taken from messages sent
by the USB device. The sanity check is not sufficient, due to a possible
integer wrap. This can allow a broken or malicious USB device, or
possibly the network operator, to cause a buffer overflow.

This fix from Gerhard Roth was obtained after coordination upstream with
OpenBSD. It converts the variables to 64-bit integers, which should
mitigate the risk of overflows.

PR: 284906
Reported by: Robert Morris <rtm@lcs.mit.edu>
Approved by: philip (mentor)
Sponsored by: The FreeBSD Foundation
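
The integer wrap described in the commit message, as an added example that is not the FreeBSD or OpenBSD driver code. The function names, parameter types and sample values are assumptions constructed here; the block shows a 32-bit `offs + size` bounds check accepting an out-of-range offset, and the same check rejecting it once the operands are widened to 64 bits.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 32-bit check: the sum is reduced modulo 2^32 before the
 * comparison, so a huge offs plus a small size can wrap to a small value. */
static int range_ok_32(uint32_t offs, uint32_t size, uint32_t inlen)
{
	return (uint32_t)(offs + size) <= inlen;
}

/* Same check with the operands widened to 64 bits: the sum of two 32-bit
 * values always fits, so the comparison sees the true end offset. */
static int range_ok_64(uint32_t offs, uint32_t size, uint32_t inlen)
{
	uint64_t end = (uint64_t)offs + (uint64_t)size;

	return end <= (uint64_t)inlen;
}

/* Hypothetical copy helper: returns bytes copied, or -1 when the
 * device-supplied range does not lie inside the input buffer. */
static int get_info(const uint8_t *in, uint32_t inlen, uint32_t offs,
    uint32_t size, uint8_t *out, size_t outlen)
{
	size_t n;

	if (!range_ok_64(offs, size, inlen))
		return -1;
	n = size < outlen ? size : outlen;
	memcpy(out, in + offs, n);
	return (int)n;
}

int main(void)
{
	/* Constructed values: offs near UINT32_MAX, 64-byte message. */
	uint32_t offs = 0xFFFFFFF0u, size = 0x20u, inlen = 64;
	uint8_t in[64] = { 0 }, out[16];

	printf("32-bit check accepts: %d\n", range_ok_32(offs, size, inlen));
	printf("64-bit check accepts: %d\n", range_ok_64(offs, size, inlen));
	printf("copy result: %d\n", get_info(in, inlen, offs, size, out, sizeof(out)));
	return 0;
}
```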

Details

Provenance
khorben Authored on May 26 2025, 11:42 PM
Parents
rG5ed36e2e1729: umb: avoid buffer overflow in umb_in_len2mask()