2 files changed, 11 insertions, 5 deletions

diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index c0dab131..59ef226a 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -204,13 +204,15 @@ obj_to_asn1bstr(VALUE obj, long unused_bits)
 {
     ASN1_BIT_STRING *bstr;
 
-    if(unused_bits < 0) unused_bits = 0;
+    if (unused_bits < 0 || unused_bits > 7)
+	ossl_raise(eASN1Error, "unused_bits for a bitstring value must be in "\
+		   "the range 0 to 7");
     StringValue(obj);
     if(!(bstr = ASN1_BIT_STRING_new()))
 	ossl_raise(eASN1Error, NULL);
     ASN1_BIT_STRING_set(bstr, (unsigned char *)RSTRING_PTR(obj), RSTRING_LENINT(obj));
     bstr->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
-    bstr->flags |= ASN1_STRING_FLAG_BITS_LEFT|(unused_bits&0x07);
+    bstr->flags |= ASN1_STRING_FLAG_BITS_LEFT | unused_bits;
 
     return bstr;
 }
@@ -498,7 +500,7 @@ ossl_asn1_get_asn1type(VALUE obj)
     VALUE value, rflag;
     void *ptr;
     void (*free_func)();
-    int tag, flag;
+    int tag;
 
     tag = ossl_asn1_default_tag(obj);
     value = ossl_asn1_get_value(obj);
@@ -514,8 +516,7 @@ ossl_asn1_get_asn1type(VALUE obj)
 	break;
     case V_ASN1_BIT_STRING:
         rflag = rb_attr_get(obj, sivUNUSED_BITS);
-        flag = NIL_P(rflag) ? -1 : NUM2INT(rflag);
-	ptr = obj_to_asn1bstr(value, flag);
+	ptr = obj_to_asn1bstr(value, NUM2INT(rflag));
 	free_func = ASN1_BIT_STRING_free;
 	break;
     case V_ASN1_NULL:
diff --git a/test/test_asn1.rb b/test/test_asn1.rb
index a18e8dd8..e98b9202 100644
--- a/test/test_asn1.rb
+++ b/test/test_asn1.rb
@@ -271,6 +271,11 @@ class  OpenSSL::TestASN1 < OpenSSL::TestCase
     # assert_raise(OpenSSL::ASN1::ASN1Error) {
     #   OpenSSL::ASN1.decode(B(%w{ 03 01 04 }))
     # }
+    assert_raise(OpenSSL::ASN1::ASN1Error) {
+      obj = OpenSSL::ASN1::BitString.new(B(%w{ FF FF }))
+      obj.unused_bits = 8
+      obj.to_der
+    }
   end
 
   def test_string_basic