catch case where blen%8 != 0

src/pk/asn1/der/bit/der_decode_raw_bit_string.c

@@ -78,7 +78,7 @@ int der_decode_raw_bit_string(const unsigned char *in,  unsigned long inlen,
    blen = ((dlen - 1) << 3) - (in[x++] & 7);
 
    /* too many bits? */
-   if (blen/8 > *outlen) {
+   if ((blen + 7)/8 > *outlen) {
       *outlen = blen;
       return CRYPT_BUFFER_OVERFLOW;
    }