A fix is available
APAR status
Closed as program error.
Error description
The problem is happening in EZBSOMIM's FillUserTTLSBuffer routine. It's using TTLSi_Cert_Len as the length of data to move into the user's buffer pointed to by TTLSi_BufferPtr . However, TTLS already found that the buffer was too small and set ENOBUFS. TTLSi_BufferLen = 000003B8. TTLSi_Cert_Len = 00000409. EZBSOMIM ended up moving x'409' bytes from its buffer to a x'3B8' byte application storage area and wiped out the trailing SAA causing the SM 0D11 error. 12:11:52 PM: The problem only happens when TTLSi_Ver = TTLS_VERSION1 (which EZACIC02 does set). Additional Symptom(s) Search Keyword(s): CICS storage violation EZACIC02 Getmain verification steps: CICS socket interface was setup to use ATTLS and had GETTID=YES set in the ezaconfg file
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * All users of the IBM Communications Server for z/OS Version * * 2 Release 1 and 2 IP:Sockets Extended API and AT-TLS * **************************************************************** * PROBLEM DESCRIPTION: * * An overlay may occur when the SIOCTTLSCTL IOCTL is issued to * * the Sockets Extended API to retrieve a certificate and the * * supplied buffer is not large enough to hold the certificate. * **************************************************************** * RECOMMENDATION: * * Apply the PTF * **************************************************************** When the stack recognizes that the supplied buffer is not large enough to hold the certificate, a return code of ENOBUFS is set and the size required to hold the certificate is placed in the TTLSi_Cert_Len field. The Sockets Extended code (EZBSOMIM) uses the TTLSi_Cert_Len field to copy the certificate back to the user's buffer without checking the return code first. This copy can cause an overlay in the user's storage when the return code is ENOBUFS.
Problem conclusion
EZBSOMIM is updated to only copy the certificate if the return code is OK.
Temporary fix
Comments
APAR Information
APAR number
PI52288
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
210
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-11-10
Closed date
2015-11-23
Last modified date
2016-02-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI33204 UI33205
Modules/Macros
EZBSOMIM
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"210","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"210","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 February 2016