Fixes are available
APAR status
Closed as program error.
Error description
When a server-side exit responds with an ExitResponse code of MQXCC_SEND_AND_REQUEST_SEC_MSG, the client is expected to respond with a security message. However, if the client responds with a non-security message, the server-side code accepts this response, whereas the correct behaviour is to report an error. Furthermore, when the client responds with an unrealistic value of DataLength, the server must terminate the channel instead of proceeding with the given DataLength.
Local fix
Problem summary
****************************************************************
USERS AFFECTED:
Users of WebSphere MQ who make use of security exits.

Platforms affected:
All Distributed (iSeries, all Unix and Windows)
****************************************************************
PROBLEM SUMMARY:
The WebSphere MQ code did not have sufficient checks in place to ensure that an ExitResponse of MQXCC_SEND_AND_REQUEST_SEC_MSG from the server results in a security message from the client. When the client responds with a DataLength value which is unrealistically large, the server accepts this value and later fails while attempting to use the memory allocated.
Problem conclusion
A check was introduced to ensure that a non-security response from the client to an ExitResponse of MQXCC_SEND_AND_REQUEST_SEC_MSG is rejected with an error. An error code of rrcE_SECURITY_NOT_RECEIVED is generated in the WebSphere MQ error logs. Furthermore, if the value of DataLength is more than the maximum transmission size of the channel, the channel is terminated with a rrcE_PROTOCOL_ERROR.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

                   v7.0
Platform           Fix Pack 7.0.1.3
--------           --------------------
Windows            U200320
AIX                U834987
HP-UX (PA-RISC)    U834414
HP-UX (Itanium)    U834413
Solaris (SPARC)    U834986
Solaris (x86-64)   U834210
iSeries            tbc_p700_0_1_3
Linux (x86)        U834415
Linux (x86-64)     U834985
Linux (zSeries)    U834412
Linux (Power)      U835662

The latest available maintenance can be obtained from
'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available, information on
its planned availability can be found in 'WebSphere MQ
Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------
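The two checks described in the problem conclusion, sketched as an added example that is not IBM's code: the response type is verified while a security message is awaited, and DataLength is bounded by the channel's maximum transmission size before any buffer is sized from it. The structs, segment types, numeric return-code values and the order of the two checks are assumptions made for illustration; only the names rrcE_SECURITY_NOT_RECEIVED, rrcE_PROTOCOL_ERROR, DataLength and MQXCC_SEND_AND_REQUEST_SEC_MSG come from this APAR.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Return-code names are from the APAR text; the numeric values, the segment
 * types and both structs are placeholders assumed for this example. */
enum rc { RC_OK = 0, rrcE_SECURITY_NOT_RECEIVED, rrcE_PROTOCOL_ERROR, RC_NO_MEMORY };
enum seg_type { SEG_SECURITY = 1, SEG_OTHER = 2 };

struct chl_state {
    int      awaiting_sec_msg; /* exit returned MQXCC_SEND_AND_REQUEST_SEC_MSG */
    uint32_t max_trans_size;   /* maximum transmission size of the channel */
};

struct seg_header {
    uint8_t  type;             /* peer-controlled */
    uint32_t data_length;      /* peer-controlled DataLength */
};

/* Validate the client's response header before any buffer is sized from it.
 * On RC_OK, *buf owns the allocated buffer; on any error, *buf is NULL and
 * the caller is expected to terminate the channel. */
enum rc check_client_response(const struct chl_state *st,
                              const struct seg_header *h, void **buf)
{
    *buf = NULL;
    if (st->awaiting_sec_msg && h->type != SEG_SECURITY)
        return rrcE_SECURITY_NOT_RECEIVED;      /* wrong message type */
    if (h->data_length > st->max_trans_size)
        return rrcE_PROTOCOL_ERROR;             /* unrealistic DataLength */
    *buf = malloc(h->data_length ? h->data_length : 1);
    return *buf ? RC_OK : RC_NO_MEMORY;
}

int main(void)
{
    struct chl_state st = { 1, 32768 };          /* constructed values */
    struct seg_header cases[] = {
        { SEG_OTHER, 16 }, { SEG_SECURITY, 0xFFFFFFF0u }, { SEG_SECURITY, 64 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        void *buf;
        enum rc rc = check_client_response(&st, &cases[i], &buf);
        printf("type=%u DataLength=%u -> rc=%d\n",
               (unsigned)cases[i].type, (unsigned)cases[i].data_length, (int)rc);
        free(buf);
    }
    return 0;
}
```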
Temporary fix
Comments
APAR Information
APAR number
IC67589
Reported component name
WMQ WINDOWS V7
Reported component ID
5724H7220
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-04-01
Closed date
2010-04-26
Last modified date
2010-04-26
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ WINDOWS V7
Fixed component ID
5724H7220
Applicable component levels
R700 PSY
UP
Document Information
Modified date:
31 March 2023