Hello List,
Is there way to determine the key that the caller of a SVC is executing in? For
a PC routine doing an ESTA and some shifting seems to be the way to find the
key, but I'm unsure how the same could be done from a user SVC.
Is it somewhere in the SVRB?
Also, I see this example in the authorized code scanner:
https://www.ibm.com/docs/en/zos/2.4.0?topic=fixes-fetch-vulnerability-example
vulnerable:
LA R3,copyparms
MVC 0(4,R3),0(R2)
fixed:
LHI R3,1
ESTA R0,R3
SRDL R0,48
LHI R0,3
LA R3,copyparms
MVCSK 0(R3),0(R2)
I noticed that the length loading in R0 for the MVCSK is 3, while in the
vulnerable mvc example the length is 4.
The POP for MVCSK says:
L specifies the number of bytes to the right of the first
byte of each operand. Therefore, the length in bytes
of each operand is 1-256, corresponding to a length
code in L of 0-255.
Is there any logic behind why MVC uses the actual byte count and MVCSK uses the
'number of bytes to the right'?
Kind regards,
Erik Janssen.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
