A fix is available
APAR status
Closed as program error.
Error description
DFHAP0001 An abend (code 0C4/AKEA) has occurred at offset x'FFFFFFFF' in module Application program is received. You notice that the location of the application program in ESDSA has been shifted x'100' or 256 bytes resulting in the abend0c4. This seems to occur when CICS web requests are involved. A trap was provided and found that the location of the program in ESDSA was shifted in DFH$WBSC + x'238'. DFH$WBSC use a 256 byte area to communicate with DFH$WBST and DFH$WBSN. It creates this area by using the first 256 bytes of the area pointed to by DECODE_DATA_PTR. DFH$WBSC moves all the data, for a length of DECODE_INPUT_DATA_LEN up 256 bytes. When there is a lot of userdata, this move will go past the end of the DECODE_DATA_PTR buffer. This can cause all data in ESDSA to be shifted up 256 or x'100' bytes.
Local fix
DFH$WBSC can be modified as follows: L R1,#32K Set max length 35410000 CR R0,R1 Current length > max? 35420000 BNH LEN_OK No, continue 35430000 LR R0,R1 Yes, set to max 35440000 LEN_OK DS 0H 35450000 #32K DC F'32767' 89100000 Using basic authentication (i.e. Authenticate: Basic on TCPIPSERVICE) could also avoid this problem.
Problem summary
**************************************************************** * USERS AFFECTED: All. * **************************************************************** * PROBLEM DESCRIPTION: Abend 0C4 when CICS receives a large * * HTTP request (>32k) and the sample * * security analyser DFH$WBSA is being * * used. * **************************************************************** * RECOMMENDATION: * **************************************************************** A large (>32k) post has been received by a CICS region running with SEC=YES. During signon processing within DFH$WBSC, data is moved to create a work area for calling other programs, however the length used during this move is the length of input data instead of the length of the buffer where the data is being moved. This causes an overwrite of storage and in the customer's case it is program storage which leads to 0C4 abends. The problem could show itself in other ways for example corrupt data. Additional Keywords: ABENDS0C4 S0C4
Problem conclusion
DFH$WBSC has been changed in the DECODE routine to ensure that data is not moved beyond the end of the 32K input buffer.
Temporary fix
********* * HIPER * ********* CICS AR400 ++ APAR (AK15921). ++ VER (C150) FMID(HCI6400). ++ MACUPD (DFH$WBSC) DISTLIB(ADFHSAMP) SYSLIB(SDFHSAMP) /* MODULE: DFH$WBSC --- TYPE: SOURCE */. ./ CHANGE NAME=DFH$WBSC,SEQFLD=738 L R1,#32K Set max length @BA15921 35430000 CR R0,R1 Current length > max? @BA15921 35460000 BNH LEN_OK No, continue @BA15921 35490000 LR R0,R1 Yes, set to max @BA15921 35520000 LEN_OK DS 0H @BA15921 35550000 #32K DC F'32767' Max length for move @BA15921 89100000 ./ ENDUP
Comments
APAR Information
APAR number
PK15921
Reported component name
CICSTS 3.1 Z/OS
Reported component ID
5655M1500
Reported release
400
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt
Submitted date
2005-11-30
Closed date
2005-12-13
Last modified date
2006-01-04
APAR is sysrouted FROM one or more of the following:
PK12485
APAR is sysrouted TO one or more of the following:
UK10003
Modules/Macros
DFH$WBSC
Fix information
Fixed component name
CICSTS 3.1 Z/OS
Fixed component ID
5655M1500
Applicable component levels
R400 PSY UK10003
UP05/12/17 P F512
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
04 January 2006