A fix is available
APAR status
Closed as program error.
Error description
You are using ECI v2 with Containers and have noticed behavior differences when sending bad security credentials, depending upon the size of the data in the Container. When executing a client application that sends <64K of data in a Container to a Cobol program running in CICS along with bad security credentials, the security check correctly prevents the Mirror Transaction (CPMI) from executing. You receive a (-27) - ECI_ERR_SECURITY_ERROR message. However, when executing a client application that sends >64K of data in a Container to a Cobol program running in CICS along with bad security credentials, the security check correctly prevents the Mirror Transaction (CPMI) from executing, but you receive a (-30) - ECI_ERR_ROLLEDBACK message.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS Users. * **************************************************************** * PROBLEM DESCRIPTION: An IPIC connection with a USERAUTH() * * specification fails to send a security * * violation error message to the client * * side if all the request data has not * * been received. * **************************************************************** A USERAUTH() specification is set on an IPIC connection. An ECI request arrives in CICS that does not contain the required security credentials. This causes a security violation. However, the related security violation message can not be sent to the client because the conversation is still in receive status. Not all the data from the request has been received yet, this is because the data is over 64KB. This results in more than one buffer being needed to transfer the data for the request. As a result of the security violation, the mirror task is terminated. When the rest of the data for this request arrives a conversation error is sent back to the client. The client is not informed of the security error.
Problem conclusion
DFHISIS has been changed to correctly return a security violation error when one occurs.
Temporary fix
Comments
APAR Information
APAR number
PH24595
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
200
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-04-20
Closed date
2020-08-11
Last modified date
2020-09-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI70999 UI71000 UI71001
Modules/Macros
DFHISIS
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R100 PSY UI70999
UP20/09/01 P F008
R200 PSY UI71000
UP20/09/01 P F008
R300 PSY UI71001
UP20/09/01 P F008
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.5","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
02 September 2020