security: fix crash and overflow bugs in network-facing modules

module-filter-chain: fix NULL pointer dereference when
pw_stream_dequeue_buffer returns NULL and out->requested is
accessed outside the NULL check.

module-zeroconf-discover: add NULL checks for name, type,
host_name, address, and port from mDNS lookups that could be
missing in malformed announcements.

module-raop-sink: cap net.mtu to 9000 to prevent stack overflow
via VLA uint32_t out[8 + mtu].

module-rtp-sap: fix buffer over-read in SDP "i=" line parsing
that read past a self-inserted null terminator. Also fix fd leak
when fd is 0 (fd > 0 should be fd >= 0).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

src/modules/module-rtp-sap.c

@@ -1545,21 +1545,19 @@ static int parse_sdp_m(struct impl *impl, char *c, struct sdp_info *info)
  * This is Audinate format. TODO: parse RAVENNA `i=CH1,CH2,CH3` format */
 static int parse_sdp_i(struct impl *impl, char *c, struct sdp_info *info)
 {
-	if (!strstr(c, " channels: ")) {
+	char *chstr;
+	uint32_t channels;
+
+	chstr = strstr(c, " channels: ");
+	if (chstr == NULL)
 		return 0;
-	}
 
 	c += strlen("i=");
-	c[strcspn(c, " ")] = '\0';
-
-	uint32_t channels;
 	if (sscanf(c, "%u", &channels) != 1 || channels <= 0 || channels > MAX_CHANNELS)
 		return 0;
 
-	c += strcspn(c, "\0");
-	c += strlen(" channels: ");
-
-	strncpy(info->channelmap, c, sizeof(info->channelmap) - 1);
+	chstr += strlen(" channels: ");
+	strncpy(info->channelmap, chstr, sizeof(info->channelmap) - 1);
 
 	return 0;
 }
@@ -1875,7 +1873,7 @@ finish:
 	return res;
 
 error:
-	if (fd > 0)
+	if (fd >= 0)
 		close(fd);
 	goto finish;
 }