A fix is available
APAR status
Closed as program error.
Error description
Various errors may occur when the CICS analyzers calls DFHWBUN to unescape data received from a browser. When the data is codepage converted it is taken from the buffer holding the original data received from the socket and not the buffer that was passed to the analyzer. This means the unescaping changes are lost.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All. * **************************************************************** * PROBLEM DESCRIPTION: Unable to signon using the CICS Web * * sample security program. * **************************************************************** * RECOMMENDATION: * **************************************************************** CICS receives data from a browser which contains escaped characters, in this case a space at the end of "signon" is escaped to a plus "+". The data is unescaped by DFHWBUN and saved into a buffer. When a request is made to codepage convert the data, instead of using this new buffer as input to the conversion, the original (escaped) buffer is used. This means that the data passed to the application contains escaped data causing unpredictable results. In this case the signon program DFHWBSN cannot find the requested function "signon " as it is suffixed with a plus sign instead of a space. Additional keywords: DFH$WBSN DFH$WBSA DFH$WBSC
Problem conclusion
DFHWBSR has been changed in routine wbrq_inbound_translate_user_data to allocate an intermediate buffer as input to the CONVERT_DATA call. The unescaped output from the analyser is copied into this buffer before the call. On return from the call this buffer is freemained. The data length wrb_user_data_length, is also updated after conversion.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
ž**** PE07/04/27 FIX IN ERROR. SEE APAR PK41659 FOR DESCRIPTION
APAR Information
APAR number
PK07733
Reported component name
CICSTS 3.1 Z/OS
Reported component ID
5655M1500
Reported release
400
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2005-06-21
Closed date
2005-08-15
Last modified date
2007-07-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK06308 PK49117
Modules/Macros
DESWBAP DESWBDM DESWBRQ DESWBSR DESWBXM DFHWBAP DFHWBAPF DFHWBDM DFHWBRQD DFHWBRQS DFHWBSR DFHWBXM
Fix information
Fixed component name
CICSTS 3.1 Z/OS
Fixed component ID
5655M1500
Applicable component levels
R400 PSY UK06308
UP05/08/22 P F508
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
18 July 2007