A fix is available
APAR status
Closed as program error.
Error description
RDZ V8516 INTERNAL DEFECTS AND ENHANCEMENTS - RSE
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: 01.All RDz users * * 02.All RDz users using DBCS text * * 03.All RDz users using APPC TSO command * * server * * 04.All RDz users who login by certificates * * 05.All RDz users * * 06.All RDz users * * 07.All RDz users * * 08.All RDz users * **************************************************************** * PROBLEM DESCRIPTION: 01.When a long MVS filter name is * * used, no data set information will * * be displayed when the filter is * * expanded. * * 02.Host log shows unexpected message * * U_BUFFER_OVERFLOW_ERROR * * 03.Passwords in APPC TSO command * * server are visible * * 04.User can login using revoked * * certificate * * 05.If an IO/security exception occurs * * in RDz server while downloading a * * big sequential data set, * * *rejectLogon status that is marked * * on a RDz server process sometimes * * remains set. * * 06.RDz receives one or more * * ABEND878-10 in native LE HEAP * * storage * * 07.RSE daemon might enable the SSLv3 * * protocol if it was previously * * disabled. * * 08.RDz TSO shell incorrectly * * translates "<" and ">" * * strings to "<" and ">". * **************************************************************** * RECOMMENDATION: * **************************************************************** 01.The RDz server added wild card characters to a given filter string which included wild cards to find datasets, so that the filter length was longer than the limitation of the filter string. 02.Host log shows unexpected message U_BUFFER_OVERFLOW_ERROR when the local code page is windows-31j or MS932 and the host code page is IBM-1390. 03.When RDz server is configured to use APPC TSO command server, the passwords of the users who currently log in are visible in a memory dump image. 04.A user can login using a revoked certificate via "Remote daemon" z/OS connection with certificate authentication method. 05.When RDz client starts editing a big sequential data set, an RDz server process is marked *rejectLogon while downloading the content and it can be seen by display process console command. If an IO/security exception occurs while downloading it, *rejectLogon status sometimes remains set, and the process marked *rejectLogon does not handle a new client any more. 06.RDz 9.1.0 of 31bit version has a memory leak in the trace code even if the trace is set to minimum (error only). RDz has another memory leak while opening a data set or a member in read mode. 07.RSE daemon might enable the SSLv3 protocol if it was previously disabled. Note that RSE server does not, so SSLv3 encrypted communication between client and host is not possible if SSLv3 is disabled for RSE server, even if RSE dameon enabled it. 08.RDz TSO shell incorrectly translates "<" and ">" strings to "<" and ">".
Problem conclusion
01.The RDz server was fixed to use proper length filters. 02.The code is updated to allocate enough buffer not to cause U_BUFFER_OVERFLOW_ERROR. 03.The code is updated to encrypt the passwords in APPC TSO command server. 04.The code is updated to check the CRL on a LDAP server in a remote daemon connection. 05.RDz server is updated to clear *rejectLogon status even if any exception occurs while downloading a big sequential data set. 06.The code is updated to fix the memory leaks. 07.RDz server is updated to always disable SSLv3. 08.RDz client is updated to escape '&' and ';' characters, before the input string is encoded in xml data and is sent to server. RDz server is updated to unescape '&' and ';' characters, after the received xml data is decoded. Only if both client and server can handle them, they are actually escaped.
Temporary fix
Comments
APAR Information
APAR number
PI21477
Reported component name
RD/Z HOST
Reported component ID
5724T0723
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-07-09
Closed date
2015-01-20
Last modified date
2015-02-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI24911
Modules/Macros
FEKDSI FEKFCMSG FEKFCORE FEKFCOR6 FEKFDIVP FEKFENVR FEKFLDSL FEKFMAIN FEKFMAI6 FEKFMINE FEKFTSO FEKFZOS
Fix information
Fixed component name
RD/Z HOST
Fixed component ID
5724T0723
Applicable component levels
R850 PSY UI24911
UP15/02/05 I 1000
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSJK49","label":"IBM Developer for z Systems"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
27 October 2020