From 0b0427989025e146258265a37c78b92493ded5ea Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel <s@jaeckel.eu>
Date: Fri, 29 Sep 2017 10:12:52 +0200
Subject: [PATCH] fix bit-length check in der_decode_raw_bit_string()

---
 src/pk/asn1/der/bit/der_decode_raw_bit_string.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
index 9b8bbac..e6a59a0 100644
--- a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
+++ b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
@@ -77,7 +77,7 @@ int der_decode_raw_bit_string(const unsigned char *in,  unsigned long inlen,
    blen = ((dlen - 1) << 3) - (in[x++] & 7);
 
    /* too many bits? */
-   if (blen > *outlen) {
+   if (blen/8 > *outlen) {
       *outlen = blen;
       return CRYPT_BUFFER_OVERFLOW;
    }