Simo Sorce authored
ber_scanf expects a pointer to a ber_tag_t to return the tag pointed at by "t"; if that is not provided, the pointer will be stored in whatever memory location is pointed to by the stack at that time, causing a crash.

It's also possible for unprivileged end users to trigger parsing of the krbPrincipalKey.

Fixes #8071: CVE-2019-14867

Reported by Todd Lipcon from Cloudera

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
(cherry picked from commit d2e0d945)
e11e73ab