It appears that if R1 contains a -4, -8, or -12, then the code will go into an infinite loop. This would not cause a security breach, but it is still an error. Bill Fairchild Franklin, TN
----- Original Message ----- From: "Robert A. Rosenberg" <hal9...@panix.com> To: IBM-MAIN@LISTSERV.UA.EDU Sent: Tuesday, December 3, 2013 9:54:00 PM Subject: Re: Un-authorized caller calling authorized services. Definitely a large positive number over 2^16-1 (so there is something other than zeros in the high 2 bytes). The low 2 bytes have to be between x"0000" and x"0008" to pass the CH R1,=H8" check. As to negative numbers, that number also has to be within certain boundaries so the low bytes meet the same range check. At 12:59 -0600 on 12/03/2013, Ray Overby wrote about Re: Un-authorized caller calling authorized services.: >>Flawed function code validation. Like this in an SVC routine that >>was "supposed" to be called with a function code of 0, 4 or 8 in R1. >> >> CH R1,=H'8' IF FUNCTION CODE TOO LARGE >> BH RETURN THEN IGNORE IT >> B BTABLE(R1) USE BRANCH TABLE TO GO TO REQUIRED >>* FUNCTION >>BTABLE B HERE FUNCTION=0 >> B THERE FUNCTION=4 >> B EVERYWHERE FUNCTION=8 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN