PH42909: ABEND S283 POSSIBLE IN ESM IF USERID WITH TRAILING SPACES SENT IN TO CICS

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• Abend with COMPLETION CODE S283 REASON CODE 00000018 may be seen
  if a userid with trailing blanks is sent in to CICS. If those
  trailing blanks leads to the userid being an invalid length (10
  in the case which raised this APAR) then an abend may occur in
  an ESM module, and a message similar to the following may be
  seen
  
  CCSR010E ACF9C000 S283 at 12011D62 LMOD ACF9C000 CSECT ACF9CVER
  +002E12
  
  In a dump, the invalid length may be seen in a trace similar to
  the following:
  
  XS FE01 XSSE  ENTRY FUNCTION(REGISTER_CERTIFICATE_USER)
               CERTIFICATE(163CC090 , 0000053C)
               USERID_LENGTH(A) USERID(USER001)
  
               PASSWORD(00000000 , 00000000)
  
  
  
  
  Note the USERID_LENGTH(A) above, which is decimal 10, and not
  valid for a userid.
  

Local fix

• Do not add trailing spaces to userid
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: All.                                         *
  ****************************************************************
  * PROBLEM DESCRIPTION: ESM or CICS Security errors when USERID *
  *                      has trailing blanks.                    *
  ****************************************************************
  This problem presents in the following circumstances:
  
  - CICS is using a TCPIPSERVICE where its SECURITY settings are:
    SSL:  Clientauth
    CErtificate: < a known to ESM Server certificate which was
                   used to create an UNKNOWN to the ESM, Client
                   certificate >
    AUthenticate:  AUTORegister or AUTOMatic
  
  Both of these authenticate methods allow an unregistered client
  certificate to be presented along with a USERID and password
  (in an HTTP Authorization header) and for that certificate
  to then be registered in the ESM and owned by the authenticated
  USERID.
  
  However (for example) if a 7 character USERID followed by blanks
  is used then routine register_certificate_user is driven and
  this will pass the USERID with trailing blanks to the ESM.
  The call fails due to the trailing blanks.
  Depending on the ESM, the failing call may typically abend
  with an DFHXS0001 severe_error or an S283 abend.
  
  Keywords: AKEX abendAKEX 0C4
  

Problem conclusion

• DFHXSPW has been amended to trim trailing blanks from the
  supplied USERID.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI79929 UI79930

Modules/Macros

• DFHXSPW
  

Fix information

• Fixed component name

  CICS TS Z/OS V5

• Fixed component ID

  5655Y0400

Applicable component levels

• R200 PSY UI79930

     UP22/03/30 P F203

• R300 PSY UI79929

     UP22/03/30 P F203

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.