A fix is available
APAR status
Closed as program error.
Error description
Various errors may occur when the CICS analyzers calls DFHWBUN to unescape data received from a browser. When the data is codepage converted it is taken from the buffer holding the original data received from the socket and not the buffer that was passed to the analyzer. This means the unescaping changes are lost. Additonal Symptoms and Keywords: DFHXS1201 is received when using special characters in password during signon. MSGDFHXS1201
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All. * **************************************************************** * PROBLEM DESCRIPTION: Unable to signon using the CICS Web * * sample security program. * **************************************************************** * RECOMMENDATION: * **************************************************************** CICS receives data from a browser which contains escaped characters, in this case a space at the end of "signon" is escaped to a plus "+". The data is unescaped by DFHWBUN and saved into a buffer. When a request is made to codepage convert the data, instead of using this new buffer as input to the conversion, the original (escaped) buffer is used. This means that the data passed to the application contains escaped data causing unpredictable results. In this case the signon program DFHWBSN cannot find the requested function "signon " as it is suffixed with a plus sign instead of a space. Additional keywords: DFH$WBSN DFH$WBSA DFH$WBSC
Problem conclusion
DFHWBSR has been changed in routine wbrq_inbound_translate_user_data to allocate an intermediate buffer as input to the CONVERT_DATA call if the analyser is called and there is less than 32k of input data. The unescaped output from the analyser is copied into this buffer before the call. On return from the call this buffer is freemained.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PK49117
Reported component name
CICSTS V3 Z/OS
Reported component ID
5655M1500
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-07-17
Closed date
2007-08-02
Last modified date
2008-08-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK27828
Modules/Macros
DESWBAP DESWBDM DESWBRQ DESWBRQF DESWBSR DESWBXM DFHWBAP DFHWBAPF DFHWBDM DFHWBRQS DFHWBSR DFHWBXM
Fix information
Fixed component name
CICSTS V3 Z/OS
Fixed component ID
5655M1500
Applicable component levels
R500 PSY UK27828
UP07/08/08 P F708
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
15 August 2008