A fix is available
APAR status
Closed as unreproducible in next release.
Error description
The customer is running WebSphere MQ on z/OS V710 when running along, they received: DUMP TITLE=CSQ2,ABN=0C4-00000011,C=R3600.710.CHIN,M=CSQXDISP, LOC=CSQXRCTL.CMQXREVN+01B66 . Event functions module CMQXREVN (v710 base) failing at offset x'01B66' . MSTR Log shows: . 18.46.44 IEA794I SVC DUMP HAS CAPTURED: DUMPID=001 REQUESTED BY JOB (CSQ2CHIN) DUMP TITLE=CSQ2,ABN= 0C4-00000011,C=R3600.710.CHIN,M=CSQXDISP, LOC=CSQXRCTL.CMQXREVN+01B66 . CHIN log shows: . 18.46.44 +CSQX112E +CSQ2 CSQXDISP Dispatcher process error, TCB=009BC6D8 reason=0C4000-00000011 . Looking through the Savearea chain, it appears that an event was trying to be written to the SYSTEM.ADMIN.CHANNEL.EVENT queue for a CLUSRCVR channel. . The change team reviewed the dump and found that the abend occurs when CHLAUTH processing attempts to put a warning event message to SYSTEM.ADMIN.CHANNEL.EVENT due to a channel using SSL matching a CHLAUTH rule that would block it with the WARN(YES) option. . Looking at the configured CHLAUTH rules I can see that the CLUSRCVR channel has a rule to warn on any unexpected connections from queue managers for which no other rule matches. In this case the remote queue manager, there is no rule to allow connections from this queue manager. . While putting the warning event message to the event queue, rsiEvent is called and is passed various attributes of the channel. In the failing case, it has been passed a pointer to the SSLPeerName, and is attempting to determine the length of this distinguished name. However, rsiEvent incorrectly assumes the storage containing this value is 1024 bytes long, however in this case it is just long enough to contain the actual value. While attempting to determine the correct length, GetLen attempts to access inaccessible storage beyond the end of the storage allocated for the SSLPeerName value and abends 0C4.
Local fix
This abend can be avoided by adding an appropriate CHLAUTH rule to allow connections from queue manager on these channels (assuming that this queue manager is expected to be connecting using these channels).
Problem summary
**************************************************************** * USERS AFFECTED: All users of WebSphere MQ for z/OS Version 7 * * Release 1 Modification 0. * **************************************************************** * PROBLEM DESCRIPTION: MQRC_CHANNEL_BLOCKED_WARNING event * * messages contain invalid data in the * * MQCACH_SSL_PEER_NAME parameter. * * In some cases abend 0C4 in * * CSQXRCTL.CMQXREVN occurs during * * generation of the message. * **************************************************************** * RECOMMENDATION: * **************************************************************** During start up of a channel using SSL/TLS, rriCheckChlAuth is called to evaluate any matching CHLAUTH rules for the channel. If a rule with WARN(YES) is matched, rsiEvent is called to generate an event message with reason MQRC_CHANNEL_BLOCKED_WARNING, and reason qualifier (MQIACF_REASON_QUALIFIER) MQRQ_CHANNEL_BLOCKED_NOACCESS. During generation of the event message, for SSL/TLS channels the MQCACH_SSL_PEER_NAME parameter is added to the event message, however an error in calculating the length of the SSL Peer Name can result in either: - additional unexpected data being added to the SSL peer name in the event message or - abend 0C4 being issued
Problem conclusion
Temporary fix
Comments
The correct SSLPeerName length is passed to rsiEvent, preventing rsiEvent from calculating the length incorrectly.
APAR Information
APAR number
PI39033
Reported component name
WMQ Z/OS V7
Reported component ID
5655R3600
Reported release
100
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-04-14
Closed date
2015-04-27
Last modified date
2015-07-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI27092
Modules/Macros
CMQXREVN CMQXRMSA CSQXCCCX CSQXRMRS
Fix information
Fixed component name
WMQ Z/OS V7
Fixed component ID
5655R3600
Applicable component levels
R100 PSY UI27092
UP15/06/03 P F506
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 July 2015