A fix is available
APAR status
Closed as program error.
Error description
Ø PI28088 introduced a path in CSQXREXT where the amount of data to be sent over the channel for a security exit is incorrectly calculated. This results in the security flow with a non-zero length for the user data, but the data itself is not included. The error can occur with either MQXCC_SEND_SEC_MSG or MQXCC_SEND_AND_REQUEST_SEC_MSG set in ExitResponse. The user data is the message that the exit wants to be sent to the other end of the channel in AgentBuffer or ExitBuffer, depending on the setting of ExitResponse2. The symptoms may vary depending on the configuration and on the logic of the security exit. For the reported case, symptoms include: - The start of a client channel hangs for a SVRCONN that contains a security exit. A trace on the client side shows that the last call was to rriCALL_EXIT. - There is no error message except for CSQX208E RC=00000461 (ECONNRESET) when the hung channel is manually terminated. Additional Symptom(s) Search Keyword(s): ExitResponse: MQXCC_SEND_AND_REQUEST_SEC_MSG -3 X'FFFFFFFD' MQXCC_SEND_SEC_MSG -4 X'FFFFFFFC' UserDataLength UserData Other possible symptoms include: - CSQX504E local protocol error, TYPE=0000000A DATA=00000081 where 0000000A means "incorrect segment type". - CSQX523E CSQXRCTL Remote protocol error type=0000000B data=00000000 where 0000000B means "Incorrect length"
Local fix
Back out UI23234, the 7.1.0 PTF for PI28088. The 7.0.1 PTF does not have the same problem. For V8, the fix will be in PI30045.
Problem summary
**************************************************************** * USERS AFFECTED: All users of WebSphere MQ for z/OS Version 7 * * Release 1 Modification 0. * **************************************************************** * PROBLEM DESCRIPTION: Client connection to the queue manager * * hangs when using a security exit that * * uses the Agent Buffer. * **************************************************************** * RECOMMENDATION: * **************************************************************** After invoking a channel security exit, rriAcceptSecurityReceive detected that the exit had returned a MQXCC_SEND_SEC_MSG or a MQXCC_SEND_AND_REQUEST_SEC_MSG, and had provided the message to send in a buffer provided by the agent (MQXR2_USE_AGENT_BUFFER). The length of data to be sent is set to the current TSH size, which in this case was insufficient to contain the message data. This is because the code changes in PI28088 removed the setting of a new TSH size, appropriate to the amount of data to be sent. This results in a security flow with a non-zero length for the user data, but the data itself is not included, or may be truncated.
Problem conclusion
The fix made by PI28088 had been modified to correctly set the size of the TSH buffer for the security data regardless of whether the Agent or Exit buffer is being used. 100Y CSQXREXT
Temporary fix
********* * HIPER * *********
Comments
APAR Information
APAR number
PI36185
Reported component name
WMQ Z/OS V7
Reported component ID
5655R3600
Reported release
100
Status
CLOSED PER
PE
YesPE
HIPER
YesHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-03-03
Closed date
2015-04-24
Last modified date
2015-08-27
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI27026
Modules/Macros
CSQXREXT
Fix information
Fixed component name
WMQ Z/OS V7
Fixed component ID
5655R3600
Applicable component levels
R100 PSY UI27026
UP15/06/03 P F506 «
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
27 August 2015