IBM Support

PH13510: WMQ ABEND0C4 IN VARIOUS MODULES INCLUDING CSQCQSRV WHEN CHLAUTH RULES ARE DEFINED AND A SECURITY EXIT IS ALSO INVOKED

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Change Team finds a storage overlay may result when the CHINIT
    calls the MQ MSTR to obtain information about a CHLAUTH record.
    A pre-allocated buffer may be used without correctly specifying
    the length of the buffer. If the CHLAUTH record which is
    retrieved is longer than the actual buffer size, the data copied
    into the buffer by the MSTR may run off the end of the allocated
    storage and overlay subsequent data. This issue could occur with
    various combinations of CHLAUTH fields (e.g. if the SSLPEER name
    is particularly long, that would be sufficient without SSLCERTI
    being set). It is noted that a security exit in place alters
    the sequence of CHLAUTH calls so would have an impact on exactly
    how the buffer gets reused. Exact symptoms will vary depending
    on what area of storage is overlaid including, but not limited
    to, generation of CSQX053E SNAP messages, ABEND0C4s and various
    ABEND5C6s
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of IBM MQ for z/OS Version 9       *
    *                 Release 0 Modification 0 and Release 1       *
    *                 Modification 0.                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: Various ABENDs and dumps when a SVRCONN *
    *                      channel using chlauth rules to control  *
    *                      access, is also configured with a       *
    *                      security exit.                          *
    ****************************************************************
    A SVRCONN channel is configured with a security exit, and also
    has chlauth rules set up to control access to the channel. When
    the options on the chlauth rules specify an SSLPEERMAP with both
    SSLPEER and SSLCERTI set, the chinit ABENDs and will not
    shut down normally, so has to be cancelled.
    The issue is caused by inadequate tracking of the length of a
    chlauth storage buffer resulting in arbitrary storage overlays.
    Various and multiple symptoms may result including 0C4 and 5C6
    ABENDs.
    
    Additional keywords: CSQX053E
    

Problem conclusion

  • The channel access cache functions in module csqxrscm have been
    updated to correctly track the length of the chlauth storage
    buffer.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH13510

  • Reported component name

    IBM MQ Z/OS V9

  • Reported component ID

    5655MQ900

  • Reported release

    000

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-06-18

  • Closed date

    2019-07-30

  • Last modified date

    2019-10-01

  • APAR is sysrouted FROM one or more of the following:

    PH07817

  • APAR is sysrouted TO one or more of the following:

    UI64480 UI64481

Modules/Macros

  • CSQXRSCM
    

Fix information

  • Fixed component name

    IBM MQ Z/OS V9

  • Fixed component ID

    5655MQ900

Applicable component levels

  • R000 PSY UI64480

       UP19/09/26 P F909 ¢

  • R100 PSY UI64481

       UP19/09/26 P F909 ¢

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
01 October 2019