usb: gadger: f_fs: Do not copy past descriptor end.

Endpoint descriptors come in 2 sizes, struct usb_endpoint_descriptor being
the largest. Use bLength to stop on endpoint descriptor boundary, and not
2 bytes too far.

Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>

drivers/usb/gadget/function/f_fs.c

@@ -1230,7 +1230,7 @@ static long ffs_epfile_ioctl(struct file *file, unsigned code,
 			desc = epfile->ep->descs[desc_idx];
 
 			spin_unlock_irq(&epfile->ffs->eps_lock);
-			ret = copy_to_user((void *)value, desc, sizeof(*desc));
+			ret = copy_to_user((void *)value, desc, desc->bLength);
 			if (ret)
 				ret = -EFAULT;
 			return ret;