expat big2_toUtf8() Function XML File Parsing Denial-of-Service Vulnerability

Source: 岁月联盟 Editor: zhuzhu Date: 2009-12-28

Affected versions:
James Clark Expat 2.0.1

Vulnerability description:
BUGTRAQ  ID: 37203
CVE ID: CVE-2009-3560

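Expat is an XML parser library written in C.

The big2_toUtf8 function in the lib/xmltok.c file of the Expat library has a denial-of-service vulnerability. If a user is tricked into opening an XML document containing malformed UTF-8 sequences, a buffer over-read is triggered in the doProlog function in lib/xmlparse.c, crashing applications linked against the Expat library.

<*References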
http://secunia.com/advisories/36425/
https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=533174
http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1
https://www.redhat.com/support/errata/RHSA-2009-1625.html
http://www.debian.org/security/2009/dsa-1953
*>
SEBUG security recommendations:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1953-1) and corresponding patches for this issue:
DSA-1953-1: New expat packages fix denial of service
Link: http://www.debian.org/security/2009/dsa-1953

Patch downloads:

Debian GNU/Linux 5.0 alias lenny (stable)
-----------------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

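Installing the patches:

1. Install the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, update the local package database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade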
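
To confirm that the update actually landed, the following added example (not part of the original advisory) compares installed libexpat1 version strings against the fixed package versions of DSA-1953-1, 1.95.8-3.4+etch2 for etch and 2.0.1-4+lenny2 for lenny. It reimplements Debian's version ordering so it can run over an inventory export on a machine without dpkg; the host names and inventory rows are constructed sample data.

```python
import re
# Fixed versions from DSA-1953-1 as given on this page.
FIXED = {"etch": "1.95.8-3.4+etch2", "lenny": "2.0.1-4+lenny2"}
_CHUNK = re.compile(r"([^0-9]*)([0-9]*)(.*)", re.S)

def _order(c):
    # dpkg weights: '~' sorts before end of string, letters before punctuation.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs; returns -1, 0 or 1.
    while a or b:
        na, da, a = _CHUNK.match(a).groups()
        nb, db, b = _CHUNK.match(b).groups()
        for i in range(max(len(na), len(nb))):
            wa = _order(na[i] if i < len(na) else "")
            wb = _order(nb[i] if i < len(nb) else "")
            if wa != wb:
                return -1 if wa < wb else 1
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    # 'epoch:upstream-revision' -> (epoch, upstream, revision)
    epoch, colon, rest = version.partition(":")
    if not colon:
        epoch, rest = "0", version
    upstream, dash, revision = rest.rpartition("-")
    if not dash:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(v1, v2):
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_patched(installed, release):
    return compare(installed, FIXED[release]) >= 0

# Constructed inventory rows: (host, release, installed libexpat1 version).
INVENTORY = [("web01", "lenny", "2.0.1-4+lenny1"), ("web02", "lenny", "2.0.1-4+lenny2"),
             ("db01", "etch", "1.95.8-3.4+etch1"), ("build01", "lenny", "2.0.1-4")]

def unpatched_hosts(rows=INVENTORY):
    return [host for host, release, ver in rows if not is_patched(ver, release)]
```

On a Debian host the installed version string can be read with `dpkg-query -W -f='${Version}' libexpat1`.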

RedHat
------
RedHat has released a security advisory (RHSA-2009:1625-01) and corresponding patches for this issue:
RHSA-2009:1625-01: Moderate: expat security update
Link: https://www.redhat.com/support/errata/RHSA-2009-1625.html

Sun
---
Sun has released a security advisory (Sun-Alert-6905480) and corresponding patches for this issue:
Sun-Alert-6905480: Multiple Security Vulnerabilities in the libexpat Library May Lead to a Denial of Service (DoS) Condition
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1

James Clark
-----------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:

http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165