A fix is available
APAR status
Closed as program error.
Error description
Change Team finds a storage overlay may result when the CHINIT calls the MQ MSTR to obtain information about a CHLAUTH record. A pre-allocated buffer may be used without correctly specifying the length of the buffer. If the CHLAUTH record which is retrieved is longer than the actual buffer size, the data copied into the buffer by the MSTR may run off the end of the allocated storage and overlay subsequent data. This issue could occur with various combinations of CHLAUTH fields (e.g. if the SSLPEER name is particularly long, that would be sufficient without SSLCERTI being set). It is noted that a security exit in place alters the sequence of CHLAUTH calls so would have an impact on exactly how the buffer gets reused. Exact symptoms will vary depending on what area of storage is overlaid including, but not limited to, generation of CSQX053E SNAP messages, ABEND0C4s and various ABEND5C6s
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM MQ for z/OS Version 9 * * Release 0 Modification 0 and Release 1 * * Modification 0. * **************************************************************** * PROBLEM DESCRIPTION: Various ABENDs and dumps when a SVRCONN * * channel using chlauth rules to control * * access, is also configured with a * * security exit. * **************************************************************** A SVRCONN channel is configured with a security exit, and also has chlauth rules set up to control access to the channel. When the options on the chlauth rules specify an SSLPEERMAP with both SSLPEER and SSLCERTI set, the chinit ABENDs and will not shut down normally, so has to be cancelled. The issue is caused by inadequate tracking of the length of a chlauth storage buffer resulting in arbitrary storage overlays. Various and multiple symptoms may result including 0C4 and 5C6 ABENDs. Additional keywords: CSQX053E
Problem conclusion
The channel access cache functions in module csqxrscm have been updated to correctly track the length of the chlauth storage buffer.
Temporary fix
Comments
APAR Information
APAR number
PH13510
Reported component name
IBM MQ Z/OS V9
Reported component ID
5655MQ900
Reported release
000
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-06-18
Closed date
2019-07-30
Last modified date
2019-10-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI64480 UI64481
Modules/Macros
CSQXRSCM
Fix information
Fixed component name
IBM MQ Z/OS V9
Fixed component ID
5655MQ900
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
01 October 2019