IBM Support

PK15921: DFHAP0001 AN ABEND (CODE 0C4/AKEA) HAS OCCURRED AT OFFSET X'FFFFFFFF' IN MODULE PGMNAME

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • DFHAP0001 An abend (code 0C4/AKEA) has occurred at offset
x'FFFFFFFF' in module Application program is received.  You
notice that the location of the application program in ESDSA
has been shifted x'100' or 256 bytes resulting in the abend0c4.
This seems to occur when CICS web requests are involved.
A trap was provided and found that the location of the
program in ESDSA was shifted in DFH$WBSC + x'238'.
DFH$WBSC use a 256 byte area to communicate with DFH$WBST and
DFH$WBSN.  It creates this area by using the first 256 bytes of
the area pointed to by DECODE_DATA_PTR.  DFH$WBSC moves all the
data, for a length of DECODE_INPUT_DATA_LEN up 256 bytes.
When there is a lot of userdata, this move will go past the end
of the DECODE_DATA_PTR buffer.  This can cause all data in
ESDSA to be shifted up 256 or x'100' bytes.

Local fix

  • DFH$WBSC can be modified as follows:
L     R1,#32K      Set max length                    35410000
CR    R0,R1        Current length > max?             35420000
BNH   LEN_OK       No, continue                      35430000
LR    R0,R1        Yes, set to max                   35440000
LEN_OK  DS    0H                                     35450000

#32K  DC  F'32767'                                   89100000



Using basic authentication (i.e. Authenticate: Basic on
TCPIPSERVICE) could also avoid this problem.

Problem summary

  • ****************************************************************
* USERS AFFECTED: All.                                         *
****************************************************************
* PROBLEM DESCRIPTION: Abend 0C4 when CICS receives a large    *
*                      HTTP request (>32k) and the sample      *
*                      security analyser DFH$WBSA is being     *
*                      used.                                   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
A large (>32k) post has been received by a CICS region running
with SEC=YES. During signon processing within DFH$WBSC, data is
moved to create a work area for calling other programs, however
the length used during this move is the length of input data
instead of the length of the buffer where the data is being
moved. This causes an overwrite of storage and in the customer's
case it is program storage which leads to 0C4 abends.
The problem could show itself in other ways for example corrupt
data.
Additional Keywords: ABENDS0C4 S0C4

Problem conclusion

  • DFH$WBSC has been changed in the DECODE routine to ensure that
data is not moved beyond the end of the 32K input buffer.

Temporary fix

  •             *********
            * HIPER *
            *********
CICS AR400
++ APAR (AK15921).
++ VER (C150) FMID(HCI6400).
++ MACUPD (DFH$WBSC) DISTLIB(ADFHSAMP) SYSLIB(SDFHSAMP)
   /* MODULE: DFH$WBSC --- TYPE: SOURCE */.
./ CHANGE NAME=DFH$WBSC,SEQFLD=738
         L     R1,#32K      Set max length @BA15921 35430000
         CR    R0,R1        Current length > max?
                                           @BA15921 35460000
         BNH   LEN_OK       No, continue   @BA15921 35490000
         LR    R0,R1        Yes, set to max
                                           @BA15921 35520000
LEN_OK   DS    0H                          @BA15921 35550000
#32K     DC    F'32767'           Max length for move
                                           @BA15921 89100000
./ ENDUP

Comments

  • 



APAR Information




    

  • APAR number
    PK15921
    • 

  • Reported component name
    CICSTS 3.1 Z/OS
    • 

  • Reported component ID
    5655M1500
    • 

  • Reported release
    400
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    YesHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2005-11-30
    • 

  • Closed date
    2005-12-13
    • 

  • Last modified date
    2006-01-04
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
PK12485
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UK10003
    

    • 



Modules/Macros


    

  •    DFH$WBSC

    



Fix information


    

  • Fixed component name
    CICSTS 3.1 Z/OS
    • 

  • Fixed component ID
    5655M1500
    • 



Applicable component levels


    

  • R400  PSY  UK10003
       UP05/12/17  P  F512
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            04 January 2006
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback