PI13470: Expired password calls DFHWBPW which causes a storage violation after migrating to CICS TS 5.1

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• After migrating to CICS Transaction Server 5.1, your
  application starts getting a DFHSM0102 message. This overlay
  only seems to occur when a password has expired. The user
  accesses CICS from a browser and is prompted that the password
  has expired and to change it. After the user supplies a new
  password, the storage violation is detected.
  
  Review of the dump shows that DFHWBPW is being called due to
  the expired password. The piece of storage where the overlay
  was detected is x'830' bytes and last x'10' bytes looks like
  the following:
  00C7C5E3   40404040   40F0F0F0   F5F1F8F7   | .GET     0005187 |
  
  You can see that the first byte of the trailing checkzone was
  overlaid with x'40'. You can also see that after the GET there
  are 5 bytes of x'40's.
  
  Review of the DFHEISTG for DFHWBPW shows that the METHOD_TYPE
  field is being treated as a 4 byte field, but when the address
  of METHOD_TYPE is passed to the READFORM routine, READFORM
  clears 8 bytes of storage. This is what is causing the overlay.
  
  
  Additional Symptom(s) Search Keyword(s): READFORM also gets
  passed the password address, which was increased to 100
  characters but still only clears 8 bytes.
  DFHSM0102 0D11 WEB HTTP PWD
  KIXREVSCB
  

Local fix

• N/A
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: All CICS users.                              *
  ****************************************************************
  * PROBLEM DESCRIPTION: Message "DFHSM0102 A storage violation  *
  *                      (code X'0D11') has been detected by     *
  *                      module DFHSMMF." is issued when using   *
  *                      HTTP Basic Authentication and the       *
  *                      password expires.                       *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  An HTTP request is sent from web browser to CICS server. Basic
  authentication failed with password expired and DFHWBPW is
  invoked to handle expired passwords. DFHWBPW returns a form that
  prompts the user for his current(expired) password and two
  copies of a proposed new password. When the user completes and
  submits the form, DFHWBPW is reinvoked to interpret the results.
  When it extracts the values user inputs for password management,
  a generic routine is called to read formfield. The routine
  initializes the output area to blanks using hard code length 8.
  The problem happens when the routine extracts method type field.
  Method type field is 4 bytes long but is cleared with 8 blanks.
  This cause storage overlay and since the storage following this
  field is storage check zone, storage violation occurs when doing
  freemain.
  Additional keyword: MSGDFHSM0102
  

Problem conclusion

• DFHWBPW has been altered to clear the correct length of
  output area when reading form fields.
  

Temporary fix

• FIX AVAILABLE BY PTF ONLY
  

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI18254

Modules/Macros

• DFHWBPW
  

Fix information

• Fixed component name

  CICS TS Z/OS V5

• Fixed component ID

  5655Y0400

Applicable component levels

• R800 PSY UI18254

     UP14/05/30 P F405

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.