PM25152: POTENTIAL OVERLAYS WITH AT-TLS ENABLED

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• When AT-TLS is enabled (the TTLS keyword on the TCPCONFIG
  statement) and a new connection is established whose policy
  matches an AT-TLS rule, the potential exists for some client
  sequences to cause an SKMB pointer for the sixth byte to be
  stored at +C into some other control block.  Results of this
  overlay are unpredictable, and the affected connection will
  hang.
  
  Known symptoms:
  
    An S0C4 ABEND on a system performing Sysplex Distribution when
    processing a corrupted NEWCONN from a target that had the
    above overlay.
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All users of Communications Server for       *
  *                 z/OS Version 1 Release(s) 11 and 12 IP:      *
  *                 ATTLS                                        *
  ****************************************************************
  * PROBLEM DESCRIPTION: Abend0c4 in module EZBXFMS6             *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  The problem may be summarized as follows:
  
  1. A client connected to a Telnet port which was defined
     with ATTLS enabled (TTLSPORT).
  2. The client sent a unique data pattern to Telnet.  SKMBs
     representing this data pattern were queued to the the TLSX
     TCB extension.  The SKMB chain was represented with a head
     and a tail pointer.
  3. Eventually, ATTLS processing compressed the chain of SKMBs.
     The head pointer of the TLSX based chain was set to point
     to a newly allocated SKMB.  The original SKMBs on the
     chain were freed.
  4. The tail pointer was not reset and continued to point to
     one of the freed SKMBs (now residual storage).
  5. An overlay occurred when the next data packet arrived and
     the residual SKMB pointer was referenced.  Note that
     various abends/manifestations may occur depending on the
     storage that was overlayed.
  6. The target ATTLS application in this case was Telnet but
     the problem could happen with other applications.
  +-------------------------------------------------------------+
  + Please check our Communications Server for OS/390 homepages +
  + for common networking tips and fixes.  The URL for these    +
  + homepages can be found in Informational APAR II11334.       +
  +-------------------------------------------------------------+
  

Problem conclusion

• To resolve this problem, routine TTLSProc_MsgQ in macro
  EZBZTLUT has been amended to correctly manage the
  TLSX_recv_qtail queue tail pointer when compressing
  the SKMB chain.  Modules EZBTLRDQ, EZBTLFIO, and
  EZBTLSRH have been recompiled with this macro change.
  Module EZBTLMST has been included for maintenance
  purposes.
  
  * Cross Reference between External and Internal Names
  

Temporary fix

• *********
  * HIPER *
  *********
  

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UK62173 UK62174

Modules/Macros

• EZBTLFIO EZBTLMST EZBTLRDQ EZBTLSRH EZBZTLUT
  

Fix information

• Fixed component name

  TCP/IP V3 MVS

• Fixed component ID

  5655HAL00

Applicable component levels

• R1B0 PSY UK62173

     UP10/12/22 P F012 Ž

• R1C0 PSY UK62174

     UP10/12/22 P F012 Ž

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.