IBM Support

PK44625: READNEXT FORMFIELD FOR THE QUERYSTRING IS GETTING LENGERR CONDITION IN TS 3.1

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • You have converted CICS TS 2.3 to TS 3.1. You have one web
    applicaton that does not work.
    You're getting the following errors,
    .
     Web Readnext, RESP=LENGERR 5
     REC ID= READ APPL , RESP=NOTFND 80
    .
     Your WS-RESP is 22
     Your WS-RESP2 is 5
    .
    The trace shows the following,
    WBAP  EXIT  - FUNCTION(READ_NEXT) RESPONSE(EXCEPTION)
                  REASON(FORMFLD_VALUE_LENGTH_ERROR)
                  HTTP_BUFFER_NAME(1211EED9 , 00000008 , 00000050)
                  HTTP_BUFFER_VALUE(9211EF2D , 6B408994 , 00007EF4)
    .
    Firstly, the forms data (i.e. the querystring) in this request
    is NOT valid.  It is just the token used by the security
    analyzer. There is NO equals sign after the name.  This invalid
    data causes CICS to useresidual data when returning the
    formfield value to the application.
    .
    This may result in a very large value length and a LENGERR
    condition. What should happen is for the STARTBROWSE to indicate
    that the forms data is invalid.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All.                                         *
    ****************************************************************
    * PROBLEM DESCRIPTION: EXEC CICS WEB READNEXT FORMFIELD gets   *
    *                      LENGERR when reading data from a        *
    *                      querystring which does not have a       *
    *                      valid forms structure.                  *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Formfield data input via an HTTP request for processing by
    a web-aware application should be in the form of name/value
    pairs where the name and value are separated by '=' and the
    pairs are separated by '&'. Even if a name field has no value
    it should still be delimited by '='.
    In this case an inbound HTTP type GET request had a querystring
    which contained a security token. This was taken as input by
    a web-aware program which issued a FORMFIELD BROWSE against it.
    The security token was taken as the name of the first field, but
    as it was not delimited by a '=' a corrupt name/value structure
    was built by the WEB STARTBROWSE FORMFIELD request, leading to
    a LENGERR condition being invalidly returned on the subsequent
    WEB READNEXT FORMFIELD command. Instead of the LENGERR, the
    invalid formfield data structure should be diagnosed during WEB
    STARTBROWSE FORMFIELD processing.
    This also applies if the WEB READ FORMFIELD command is used
    instead of a browse.
    If the same data is used as formfield data on a POST type
    these commands will cause an abend AEXZ to the web-aware
    application.
    Additional keywords: AbendAEXZ disaster AEIV abendAEIV
    FORMFIELD_STRUCT_FORM_ERR NAMESTRU
    

Problem conclusion

  • DFHEIWB and DFHWBRQF have been altered so that if invalid
    formfield data causes an attempt to overwrite storage past
    the end of the getmained name/value structure during a WEB
    STARTBROWSE FORMFIELD or a WEB READ FORMFIELD request, the
    application will receive an exception response of INVREQ with
    EIBRESP2 = 17, FORMFIELD_STRUCT_FORM_ERR, to denote that the
    forms data structure is invalid.
    In the case of a POST request, any FORMFIELD_STRUCT_FORM_ERR
    detected by CICS will now return an exception response with
    EIBRESP2 = 17, instead of an abendAEXZ disaster response as
    before.
    The CICS Transaction Server for z/OS Application Programming
    Reference, Version 3 Release 1, SC34-6434-00, will be updated
    with a new RESP2 value under the INVREQ condition for both
    the WEB STARTBROWSE FORMFIELD and the WEB READ FORMFIELD
    commands:
    '  17    Invalid forms data was found in the input message.'
    

Temporary fix

  • FIX AVAILABLE BY PTF ONLY
    

Comments

APAR Information

  • APAR number

    PK44625

  • Reported component name

    CICSTS 3.X Z/OS

  • Reported component ID

    5655M1500

  • Reported release

    400

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2007-05-04

  • Closed date

    2007-06-18

  • Last modified date

    2007-07-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UK26304

Modules/Macros

  •    DESEIWB  DESWBAP  DESWBDM  DESWBRQ  DESWBRQF
    DESWBSR  DESWBXM  DFHEIWB  DFHWBAP  DFHWBAPA DFHWBAPF DFHWBAPJ
    DFHWBAPM DFHWBAPT DFHWBAPV DFHWBDM  DFHWBRQD DFHWBRQS DFHWBSR
    DFHWBSRA DFHWBSRM DFHWBSRT DFHWBXM  DFHWBXMA DFHWBXMT
    

Publications Referenced
SC34643400    

Fix information

  • Fixed component name

    CICSTS 3.X Z/OS

  • Fixed component ID

    5655M1500

Applicable component levels

  • R400 PSY UK26304

       UP07/06/22 P F706

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
03 July 2007