PI41089: IF A % SIGN IS THE LAST CHARACTER IN A DATASTREAM RIGHT BEFORE THE CRLF STORAGE VIOLATIONS OCCUR DURING URLENCODE PROCESSING.

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• When a % sign is the last character in a data stream right
  before the CRLF during URLENCODE processing this caused module
  DFHCCNV4 to do a MVCL with a length of -2 x'FFFFFFFE'.
  
  Eventually this tries to overwrite storage it cannot access and
  the 0C4 occurs.  In the dump reg3 can be seen containing -2 and
  reg1 and regF are loaded from reg3 for the MVCL. CICS should not
  be attempting this disaterous MVCL based on bad user data. The
  problem can be avoided by ensuring the Client Application is
  sending in valid data.
  
  This problem can also occur when there is a % sign before the
  last character, in which case the length is -1 FFFFFFFF.
  
  MVCL treats the last 24 bits of the length as an unsigned
  binary value, therefore, the number of bytes to be moved is
  either FFFFFE (16MB-2) or FFFFFF (16MB-1).
  
  It is possible that no S0C4 occurs, and the customer may see
  CICS terminate for no apparent reason with:
  
  0S12I MAIN TASK TERMINATION
  0S00I SUB DFHSKTSK CANCELED
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All                                          *
  ****************************************************************
  * PROBLEM DESCRIPTION: A URL ending with an escape string of   *
  *                      only one character can cause a          *
  *                      DFHAP0001 indicating an 0C4 in DFHCCNV. *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  CICS assumes that there should be always two or more characters
  following the start of an escaped string.  In an invalid escape
  string at the end of a URL, there may be only one character.
  This results in a negative length for the move of data to the
  output buffer, which can cause a storage violation.
  
  The same problem can occur for the value of an HTML FORMFIELD
  name/value pair.
  
  Although the normal result is an attempt to overlay the ERDSA,
  it is also possible that the overlay will result in the
  unexpected termination of CICS with messages:
  
  0S12I MAIN TASK TERMINATION
  0S00I SUB DFHSKTSK CANCELED
  
  Keywords: MSGDFHSM0101 MSGDFHAP0001 abend0C4 abendS0C4 S0C4
  MSGDFHSM0002 DFHSM0002 SM0002 MSGDFHSM0102 DFHSM0102 SM0102
  MSGDFHSR0622 DFHSR0622 SR0622 ERDSA MSG0S12I MSG0S00I
  

Problem conclusion

• DFHCCNV has been modified to check that an escape string
  commences further than two characters from the end of the URL
  or HTML value.
  

Temporary fix

• FIX AVAILABLE BY PTF ONLY
  

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

  PQ60227

• APAR is sysrouted TO one or more of the following:

Modules/Macros

• DFHCCNV
  

Fix information

• Fixed component name

  CICSTS FOR VSE

• Fixed component ID

  564805400

Applicable component levels

• RB0P PSY UI27869

     UP15/05/27 I 1000

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.