security/heimdal: Fix uninitialized pointer dereference

krb5_ret_preincipal() returns a non-zero return code when
a garbage principal is passed to it. Unfortunately ret_principal_ent()
does not check the return code, with garbage pointing to what would
have been the principal. This results in a segfault when free() is
called.

PR:		267944, 267972
Reported by:	Robert Morris <rtm@lcs.mit.edu>
MFH:		2024Q1

security/heimdal/Makefile

@@ -1,6 +1,6 @@
 PORTNAME=	heimdal
 PORTVERSION=	7.8.0
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	security
 MASTER_SITES=	https://github.com/heimdal/heimdal/releases/download/${DISTNAME}/
 

security/heimdal/files/patch-lib_kadm5_marshall.c

@@ -1,6 +1,33 @@
 --- lib/kadm5/marshall.c.orig	2022-09-15 16:54:19.000000000 -0700
-+++ lib/kadm5/marshall.c	2022-11-24 08:47:40.099673000 -0800
-@@ -407,10 +407,40 @@
++++ lib/kadm5/marshall.c	2022-11-26 08:20:41.302104000 -0800
+@@ -261,9 +261,9 @@
+     int i;
+     int32_t tmp;
+ 
+-    if (mask & KADM5_PRINCIPAL)
+-	krb5_ret_principal(sp, &princ->principal);
+-
++    if (mask & KADM5_PRINCIPAL) 
++	if (krb5_ret_principal(sp, &princ->principal))
++	    return EINVAL;
+     if (mask & KADM5_PRINC_EXPIRE_TIME) {
+ 	krb5_ret_int32(sp, &tmp);
+ 	princ->princ_expire_time = tmp;
+@@ -282,9 +282,10 @@
+     }
+     if (mask & KADM5_MOD_NAME) {
+ 	krb5_ret_int32(sp, &tmp);
+-	if(tmp)
+-	    krb5_ret_principal(sp, &princ->mod_name);
+-	else
++	if(tmp) {
++	    if (krb5_ret_principal(sp, &princ->mod_name))
++		return EINVAL;
++	} else
+ 	    princ->mod_name = NULL;
+     }
+     if (mask & KADM5_MOD_TIME) {
+@@ -407,10 +408,40 @@
      ret = krb5_ret_int32(sp, &mask);
      if (ret)
  	goto out;