PH07817: WMQ ABEND0C4 IN VARIOUS MODULES INCLUDING CSQCQSRV WHEN CHLAUTH RULES ARE DEFINED AND A SECURITY EXIT IS ALSO INVOKED

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• Change Team finds a storage overlay may result when the CHINIT
  calls the MQ MSTR to obtain information about a CHLAUTH record.
  A pre-allocated buffer may be used without correctly specifying
  the length of the buffer. If the CHLAUTH record which is
  retrieved is longer than the actual buffer size, the data copied
  into the buffer by the MSTR may run off the end of the allocated
  storage and overlay subsequent data. This issue could occur with
  various combinations of CHLAUTH fields (e.g. if the SSLPEER name
  is particularly long, that would be sufficient without SSLCERTI
  being set). It is noted that a security exit in place alters
  the sequence of CHLAUTH calls so would have an impact on exactly
  how the buffer gets reused. Exact symptoms will vary depending
  on what area of storage is overlaid including, but not limited
  to, generation of CSQX053E SNAP messages, ABEND0C4s and various
  ABEND5C6s
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All users of IBM MQ for z/OS Version 8       *
  *                 Release 0 Modification 0.                    *
  ****************************************************************
  * PROBLEM DESCRIPTION: Various ABENDs and dumps when a SVRCONN *
  *                      channel using chlauth rules to control  *
  *                      access, is also configured with a       *
  *                      security exit.                          *
  ****************************************************************
  A SVRCONN channel is configured with a security exit, and also
  has chlauth rules set up to control access to the channel. When
  the options on the chlauth rules specify an SSLPEERMAP with both
  SSLPEER and SSLCERTI set, the chinit ABENDs and will not
  shut down normally, so has to be cancelled.
  The issue is caused by inadequate tracking of the length of a
  chlauth storage buffer resulting in arbitrary storage overlays.
  Various and multiple symptoms may result including 0C4 and 5C6
  ABENDs.
  
  Additional keywords: CSQX053E
  

Problem conclusion

• The channel access cache functions in module csqxrscm have been
  updated to correctly track the length of the chlauth storage
  buffer.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  PH13510 UI64479

Modules/Macros

• CSQXRSCM
  

Fix information

• Fixed component name

  IBM MQ Z/OS V8

• Fixed component ID

  5655W9700

Applicable component levels

• R000 PSY UI64479

     UP19/09/26 P F909 ¢

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.