Although performing validation in your interface routine is never a bad thing, 
the real validation must *always* be done in the PC routine itself as someone 
might attempt to invoke your PC by crafting the parameter list manually outside 
of your interface.

Always access caller data in the key of the caller - you can extract the key of 
the caller from the PSW on the stack (ESTA instruction and then some bit 
shifting).

MVCDK and MVCSK instructions are your friends when moving data between PC 
routine and caller.

Once you have the caller key, immediately copy (MVCSK) the parameter list to 
your PC working storage *before* you inspect it so that it cannot be altered 
during the validation process.

Never trust passed parameters and addresses - always use trusted sources for 
control block access including your own server control blocks.

Length checking is always good - do not be the buffer-overflow root cause.

If possible, do NOT run your server and PC routines in key0 - get a PPT entry 
for your server jobstep program in another key (for example, key2 or key4) and 
then specify this key on the ETDEF for the PC routine.

Rather than repeatedly coding MVCDK/SK instructions, consider wrapping them up 
in a macro so that it can do 256-byte loops for larger amounts of data.

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of esst...@juno.com
Sent: Sunday, November 20, 2016 10:17 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Verifying callers Parameter Address upon entry to a PC Service Routine

.
I'm looking for some guidelines when validating any address passed to a PC 
Service Routine.
.
Should the validation be done in the PC Service Routine *or* in the caller's 
interface routine provided by the Service Address Space?
.
What would be the recommended method to validate all addresses passed to the PC 
Service Routine?
What Instructions? What Macros - Callable Services?
.
Paul D'Angelo
.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
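
The steps from the reply at the top of this thread (caller key from the stacked PSW, an MVCSK snapshot of the parameter list before any validation, a length check, then a copy in 256-byte chunks), shown as an added HLASM example that is not part of the original posts or of any product's code. The parameter list layout, the register assignments, and the names PLIST, WORK, PCCODE, MAXDATA and REJECT are assumptions made for illustration.

```hlasm
* Added example (constructed). Assumes a non-space-switch PC,
* AMODE 31, register equates R0-R15, R6 -> caller's parameter list
* (untrusted), R10 -> this routine's own working storage. REJECT is
* a hypothetical error exit that is not shown.
MAXDATA  EQU   4096                 largest data area accepted
PLIST    DSECT ,                    layout of caller parameter list
PLDATA   DS    A                    address of the caller's data
PLDATLEN DS    F                    length of the caller's data
PLISTLEN EQU   *-PLIST
WORK     DSECT ,                    PC routine working storage
WPLIST   DS    XL(PLISTLEN)         private snapshot of the list
WDATA    DS    XL(MAXDATA)          private copy of caller data
PCCODE   CSECT ,                    (fragment of the PC routine)
         USING WORK,R10
         LA    R15,1                ESTA code 1 = stacked PSW
         ESTA  R2,R15               R2 = PSW bits 0-31 at PC time
         SLL   R2,8                 drop bits 0-7, key now bits 0-3
         SRL   R2,28                right-justify the 4-bit key
         SLL   R2,4                 key in bits 24-27 for MVCSK
         LR    R1,R2                R1 = caller key for MVCSK
* Snapshot the parameter list before reading any field of it
         LA    R0,PLISTLEN-1        R0 = length code (bytes - 1)
         MVCSK WPLIST,0(R6)         fetch in caller key, store in ours
         LA    R9,WPLIST
         USING PLIST,R9             map the snapshot, not caller data
         L     R5,PLDATLEN          length as captured
         LTR   R5,R5
         JNP   REJECT               zero or negative length
         CHI   R5,MAXDATA
         JH    REJECT               would overrun WDATA
         L     R8,PLDATA            source address as captured
         LA    R3,WDATA             destination in our storage
* Copy in chunks of at most 256 bytes, the MVCSK limit
COPY     LHI   R0,256               assume a full chunk
         CR    R5,R0
         JNL   MOVE                 256 or more bytes remain
         LR    R0,R5                final short chunk
MOVE     LR    R7,R0                R7 = bytes in this chunk
         BCTR  R0,0                 R0 = length code (bytes - 1)
         MVCSK 0(R3),0(R8)          R1 still holds the caller key
         AR    R3,R7                advance destination
         AR    R8,R7                advance source
         SR    R5,R7                bytes still to copy
         JP    COPY
```

Because every fetch from caller storage is made in the caller's key, an address the caller could not read itself ends in a protection exception rather than in data being copied on its behalf.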