
security: fix multiple vulnerabilities in C code across packages#1378

Open
aparcar wants to merge 1 commit into main from claude/security-audit-c-code-1LCod

Conversation

Owner

@aparcar aparcar commented Feb 6, 2026

Critical fixes:

  • tinysrp: fix remote stack buffer overflow in tsrp_server_authenticate()
    where a network-controlled byte could write up to 255 bytes into a
    32-byte stack buffer (CVE-worthy, remote code execution)
  • fritz_tffs_nand_read: fix incorrect pointer arithmetic in memset that
    caused out-of-bounds write (segments + num_segments * sizeof() should
    be segments + num_segments since C scales pointer arithmetic by type)
  • fis: fix negative memset size (tmp - end was negative, wrapping to
    huge size_t value; corrected to end - tmp)
  • ead: fix integer underflow in handle_send_a() where unsigned
    subtraction could wrap to negative int, bypassing bounds check

High-severity fixes:

  • ead-client: add bounds check in handle_b() for network-controlled
    memcpy length into fixed MAXPARAMLEN buffer
  • ead-client: add bounds check in handle_prime() for salt length
    (0-255 from network) into 32-byte saltbuf
  • ead-client: replace strcpy with strncpy in send_username() to prevent
    overflow of 32-byte username field
  • ead: add NULL check after malloc for ead_instance allocation
  • swconfig: add NULL checks after malloc in store_port_val(),
    store_link_val(), swlib_set_attr_string(), and swlib_map_settings()
  • jffs2/mtd: add NULL checks after malloc for erase buffer allocation
  • fritz_tffs_nand_read: add NULL check after realloc for segments

Medium-severity fixes:

  • ead: increase PID buffer from 8 to 16 bytes to prevent overflow with
    high PID values
  • ead: check read() return value from /dev/urandom
  • jboot_config_read: fix pointer-to-uint32_t truncation on 64-bit
    systems (use uintptr_t instead)
  • nvram: fix pointer-to-int truncation on 64-bit systems for alignment
    calculation (use uintptr_t)
  • patch-cmdline: fix munmap size to match mmap size instead of using
    unrelated strlen value
  • mtd: add bounds check on partition name memcpy and array index

https://claude.ai/code/session_01NE3Ds4oKxq2Bky281LYx4h
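The description above names four arithmetic bug classes that recur across the touched packages: pointer arithmetic scaled twice, a memset length computed from pointers in the wrong order, an unsigned subtraction stored in a signed int so a short packet slips past a "too large" check, and a wire-controlled length copied into a fixed buffer. The following is an added example, not code from this PR or from the OpenWrt packages it touches; every function, struct and buffer name is a hypothetical stand-in, and the wire bytes are constructed. Each class is shown as a minimal buggy form beside its corrected form so the difference can be checked rather than read.

```c
/* Added example, not code from this PR or from the OpenWrt packages it
 * touches: the arithmetic bug classes named in the description, each as a
 * minimal buggy form beside its corrected form. Every name below is a
 * hypothetical stand-in for the real functions, fields and buffers. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1. Pointer arithmetic is already scaled by the element type. */
struct segment { uint32_t a, b, c, d; };          /* 16-byte stand-in */

/* Element index reached by the buggy "segs + used * sizeof(*segs)": the
 * compiler scales by sizeof once more. True only if it stays in bounds. */
bool buggy_tail_in_bounds(size_t cap, size_t used) {
    return used * sizeof(struct segment) <= cap;
}

/* Corrected: zero entries [used, cap); refuse when used > cap. */
bool clear_segment_tail(struct segment *segs, size_t cap, size_t used) {
    if (used > cap) return false;
    memset(segs + used, 0, (cap - used) * sizeof(*segs));
    return true;
}

/* Driver: fill a small array, clear its tail, verify both halves. */
bool clear_tail_demo(size_t cap, size_t used) {
    struct segment segs[8];
    if (cap > 8) return false;
    memset(segs, 0xff, sizeof segs);
    if (!clear_segment_tail(segs, cap, used)) return false;
    for (size_t i = 0; i < cap; i++) {
        uint32_t want = i < used ? 0xffffffffu : 0u;
        if (segs[i].a != want || segs[i].d != want) return false;
    }
    return true;
}

/* 2. memset length from two pointers (the fis fix). */
static char text_buf[16];                          /* constructed scratch */

/* Buggy: tmp - end is negative; as size_t it becomes almost SIZE_MAX. */
size_t buggy_span_len(const char *tmp, const char *end) {
    return (size_t)(tmp - end);
}

/* Corrected: end - tmp, with SIZE_MAX as the reject value when tmp > end. */
size_t checked_span_len(const char *tmp, const char *end) {
    if (tmp > end) return SIZE_MAX;
    return (size_t)(end - tmp);
}

/* 3. Unsigned subtraction stored in a signed int (the ead fix). */
#define MAX_PAYLOAD 64u

/* Buggy: pkt_len < hdr_len wraps to a huge uint32_t; stored in an int it
 * reads as negative (two's complement on gcc/clang) and passes the check. */
bool payload_ok_buggy(uint32_t pkt_len, uint32_t hdr_len) {
    int payload = (int)(pkt_len - hdr_len);
    return payload <= (int)MAX_PAYLOAD;
}

/* Corrected: reject short packets first, then compare unsigned. */
bool payload_ok_fixed(uint32_t pkt_len, uint32_t hdr_len) {
    if (pkt_len < hdr_len) return false;
    return pkt_len - hdr_len <= MAX_PAYLOAD;
}

/* 4. Wire-controlled length into a fixed buffer (tinysrp, ead-client). */
#define SALTBUF_LEN 32
static const uint8_t good_wire[] = { 4, 'a', 'b', 'c', 'd' };  /* constructed */
static const uint8_t bad_wire[]  = { 200, 'x' };               /* constructed */

/* Copy a length-prefixed salt. Returns its length, or -1 when the declared
 * length exceeds the buffer or the bytes actually received. */
int copy_salt(uint8_t saltbuf[SALTBUF_LEN], const uint8_t *wire, size_t wire_len) {
    if (wire_len < 1) return -1;
    size_t len = wire[0];                          /* 0..255 from the network */
    if (len > SALTBUF_LEN || len > wire_len - 1) return -1;
    memcpy(saltbuf, wire + 1, len);
    return (int)len;
}

int copy_salt_demo(const uint8_t *wire, size_t wire_len) {
    uint8_t saltbuf[SALTBUF_LEN];
    return copy_salt(saltbuf, wire, wire_len);
}

int main(void) {
    printf("tail demo ok: %d, buggy span len: %zu, buggy payload accepted: %d\n",
           clear_tail_demo(8, 2), buggy_span_len(text_buf, text_buf + 10),
           payload_ok_buggy(4, 8));
    printf("salt copied: %d, salt rejected: %d\n",
           copy_salt_demo(good_wire, sizeof good_wire), copy_salt_demo(bad_wire, sizeof bad_wire));
    return 0;
}
```

Compile with `cc -std=c11 -Wall example.c` and run it. Two points worth keeping in mind when reviewing the actual diff: the pointer-to-integer fixes (jboot, nvram) have the same shape as class 3, in that the cast must go through `uintptr_t` so no bits are lost before the mask is applied; and replacing `strcpy` with `strncpy` for the 32-byte username field stops the overflow but leaves the field unterminated whenever the source fills it, so the check-then-`memcpy` pattern in `copy_salt`, or an explicit terminator after `strncpy`, is the safer form.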



2 participants