Description: CVE-2022-22728 -- multipart form parse memory corruption
 A flaw in Apache libapreq2 versions 2.16 and earlier could cause a
 buffer overflow while processing multipart form uploads. A remote
 attacker could send a request causing a process crash which could lead
 to a denial of service attack.
 This is #2 of 4 patches, see also https://www.openwall.com/lists/oss-security/2023/01/02/2
Origin: https://svn.apache.org/viewvc?view=revision&revision=1894940
Bug-Debian: https://bugs.debian.org/1018191
Reviewed-by: Tobias Frost <tobi@debian.org>
Last-Update: 2023-01-13 <YYYY-MM-DD, last update of the meta-information, optional>
--- a/library/parser_header.c
+++ b/library/parser_header.c
@@ -39,7 +39,7 @@
         HDR_GAP,
         HDR_VALUE,
         HDR_NEWLINE,
-        HDR_CONTLINE,
+        HDR_FOLDLINE,
         HDR_WANTLINE,
         HDR_NEXTLINE,
         HDR_LASTLINE,
@@ -329,41 +329,39 @@
             if (off == dlen)
                 break;
 
-            {
-                ch = data[off];
-                switch (ch) {
-                case ' ':
-                case '\t':
-                    ++off;
-                    ++ctx->vlen;
-                    break;
+            ch = data[off];
+            switch (ch) {
+            case ' ':
+            case '\t':
+                ++off;
+                ++ctx->vlen;
+                break;
 
-                default:
-                    /* can parse brigade now */
-                    if (off > 0)
-                        apr_bucket_split(e, off);
-                    s = split_header_line(&param, pool, ctx->bb, ctx->nlen, ctx->glen, ctx->vlen);
-                    if (parser->hook != NULL && s == APR_SUCCESS)
-                        s = apreq_hook_run(parser->hook, param, NULL);
-                    if (s != APR_SUCCESS) {
-                        ctx->status = HDR_ERROR;
-                        return s;
-                    }
+            default:
+                /* can parse brigade now */
+                if (off > 0)
+                    apr_bucket_split(e, off);
+                s = split_header_line(&param, pool, ctx->bb, ctx->nlen, ctx->glen, ctx->vlen);
+                if (parser->hook != NULL && s == APR_SUCCESS)
+                    s = apreq_hook_run(parser->hook, param, NULL);
+                if (s != APR_SUCCESS) {
+                    ctx->status = HDR_ERROR;
+                    return s;
+                }
 
-                    apreq_value_table_add(&param->v, t);
-                    ctx->nlen = 0;
-                    ctx->vlen = 0;
-                    ctx->glen = 0;
+                apreq_value_table_add(&param->v, t);
+                ctx->nlen = 0;
+                ctx->vlen = 0;
+                ctx->glen = 0;
 
-                    ctx->status = HDR_NEXTLINE;
-                    goto parse_hdr_bucket;
-                }
+                ctx->status = HDR_NEXTLINE;
+                goto parse_hdr_bucket;
             }
 
             /* fall thru */
-            ctx->status = HDR_CONTLINE;
+            ctx->status = HDR_FOLDLINE;
 
-        case HDR_CONTLINE:
+        case HDR_FOLDLINE:
 
             while (off < dlen) {
                 ch = data[off++];
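Review bot: In the `default:` branch the result of `apr_bucket_split(e, off)` is discarded, so `split_header_line()` is called with `ctx->nlen`, `ctx->glen` and `ctx->vlen` even if the bucket was not actually split at `off`. In a parser whose length accounting is the subject of this CVE series, that status is worth checking, e.g. `if (off > 0 && (s = apr_bucket_split(e, off)) != APR_SUCCESS) { ctx->status = HDR_ERROR; return s; }`. The call is carried over unchanged from the old side, since this hunk only re-indents the block and renames `HDR_CONTLINE` to `HDR_FOLDLINE`. A failure is presumably unlikely if `e` has already been read into memory, which the hunk does not show. The enclosing function starts and ends outside the hunk.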
