author | Micael Karlberg <[email protected]> | 2011-11-09 18:16:27 +0100 |
---|---|---|
committer | Micael Karlberg <[email protected]> | 2011-11-09 18:16:27 +0100 |
commit | 167a7f838d15b02e837d220fbf5130d926cb74e8 (patch) | |
tree | 37b6dab531fddcb2ed98ff1f70c43b06a6059bc1 /lib/inets/src | |
parent | f561a98a9b89738467b52ab5213562de753f6ad2 (diff) | |
parent | 5fdd7be5b5b99658f7f9d05e7df3a572d73dd6cb (diff) | |
Initial merge from r13 topic branch. With minimal cleanup.
Merge branch 'bmk/inets/httpd/xss_with_bad_header_date/r13/OTP-9674' into bmk/inets/httpd/xss_with_bad_header_date/r14/OTP-9674
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/http_server/mod_responsecontrol.erl
lib/inets/src/inets_app/inets.appup.src
lib/inets/test/httpd_1_1.erl
lib/inets/test/httpd_SUITE.erl
lib/inets/test/httpd_mod.erl
lib/inets/test/httpd_test_lib.erl
lib/inets/vsn.mk
Diffstat (limited to 'lib/inets/src')
-rw-r--r-- | lib/inets/src/http_server/httpd_response.erl | 3 | ||||
-rw-r--r-- | lib/inets/src/http_server/mod_responsecontrol.erl | 55 | ||||
-rw-r--r-- | lib/inets/src/inets_app/inets.appup.src | 24 |
3 files changed, 57 insertions, 25 deletions
diff --git a/lib/inets/src/http_server/httpd_response.erl b/lib/inets/src/http_server/httpd_response.erl
index ea9cfbf4f2..067276324b 100644
--- a/lib/inets/src/http_server/httpd_response.erl
+++ b/lib/inets/src/http_server/httpd_response.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -78,6 +78,7 @@ traverse_modules(ModData,[Module|Rest]) ->
 [Module, Reason])),
 report_error(mod_log, ModData#mod.config_db, String),
 report_error(mod_disk_log, ModData#mod.config_db, String),
+ send_status(ModData, 500, none),
 done;
 done ->
 ?hdrt("traverse modules - done", []),
diff --git a/lib/inets/src/http_server/mod_responsecontrol.erl b/lib/inets/src/http_server/mod_responsecontrol.erl
index 5d5b60cdbd..989f45db20 100644
--- a/lib/inets/src/http_server/mod_responsecontrol.erl
+++ b/lib/inets/src/http_server/mod_responsecontrol.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
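Review bot: The new `send_status(ModData, 500, none)` in the crash branch of traverse_modules (httpd_response.erl, hunk at line 78) has no comment saying why the reply is deliberately generic. The formatted `String`, built from `[Module, Reason]`, goes only to mod_log and mod_disk_log on the lines above, and `Reason` may carry request data, so it should stay out of the response. I would add `%% Reply with a bare 500; Reason may contain request data and is only logged` above the call. The function body starts and ends outside the hunk, so whether a module can crash after it has already written part of a response is not visible here and is worth checking.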
@@ -209,14 +209,14 @@ compare_etags(Tag,Etags) ->
 nomatch
 end.
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% %%
-%%Control if the file is modificated %%
-%% %%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% %%
+%% Control if the file is modificated %%
+%% %%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%----------------------------------------------------------------------
-%%Control the If-Modified-Since and If-Not-Modified-Since header fields
+%% Control the If-Modified-Since and If-Not-Modified-Since header fields
 %%----------------------------------------------------------------------
 control_modification(Path,Info,FileInfo)->
 ?DEBUG("control_modification() -> entry",[]),
@@ -227,6 +227,8 @@ control_modification(Path,Info,FileInfo)->
 continue;
 unmodified->
 {304, Info, Path};
+ {bad_date, _} = BadDate->
+ {400, Info, BadDate};
 undefined ->
 case control_modification_data(Info,
 FileInfo#file_info.mtime,
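Review bot: Turning `{bad_date, _}` into a 400 in control_modification (hunk at line 227) rejects requests that RFC 2616 says to serve normally: sections 14.25 and 14.28 have an invalid If-Modified-Since or If-Unmodified-Since date ignored. If the 400 is intentional hardening, a comment such as `%% Deliberately stricter than RFC 2616: a malformed date is rejected, not ignored` should say so; otherwise returning `undefined` for a bad date in control_modification_data would keep the header ignored. The nested `case control_modification_data(...)` under `undefined ->` continues outside the hunk, so confirm it also has a `{bad_date, _}` clause, since without one a bad date in the second header would fail with a case_clause error instead of the intended 400.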
@@ -253,21 +255,27 @@ control_modification_data(Info, ModificationTime, HeaderField)->
 undefined->
 undefined;
 LastModified0 ->
- LastModified = calendar:universal_time_to_local_time(
- httpd_util:convert_request_date(LastModified0)),
- ?DEBUG("control_modification_data() -> "
- "~n Request-Field: ~s"
- "~n FileLastModified: ~p"
- "~n FieldValue: ~p",
- [HeaderField, ModificationTime, LastModified]),
- FileTime =
- calendar:datetime_to_gregorian_seconds(ModificationTime),
- FieldTime = calendar:datetime_to_gregorian_seconds(LastModified),
- if
- FileTime =< FieldTime ->
- ?DEBUG("File unmodified~n", []), unmodified;
- FileTime >= FieldTime ->
- ?DEBUG("File modified~n", []), modified
+ case httpd_util:convert_request_date(LastModified0) of
+ bad_date ->
+ {bad_date, LastModified0};
+ ConvertedReqDate ->
+ LastModified =
+ calendar:universal_time_to_local_time(ConvertedReqDate),
+ ?DEBUG("control_modification_data() -> "
+ "~n Request-Field: ~s"
+ "~n FileLastModified: ~p"
+ "~n FieldValue: ~p",
+ [HeaderField, ModificationTime, LastModified]),
+ FileTime =
+ calendar:datetime_to_gregorian_seconds(ModificationTime),
+ FieldTime =
+ calendar:datetime_to_gregorian_seconds(LastModified),
+ if
+ FileTime =< FieldTime ->
+ ?DEBUG("File unmodified~n", []), unmodified;
+ FileTime >= FieldTime ->
+ ?DEBUG("File modified~n", []), modified
+ end
 end
 end.
@@ -285,6 +293,9 @@ strip_date([C | Rest]) ->
 send_return_value({412,_,_}, _FileInfo)->
 {status,{412,none,"Precondition Failed"}};
+send_return_value({400,_, {bad_date, BadDate}}, _FileInfo)->
+ {status, {400, none, "Bad date: " ++ BadDate}};
+
 send_return_value({304,Info,Path}, FileInfo)->
 Suffix = httpd_util:suffix(Path),
 MimeType = httpd_util:lookup_mime_default(Info#mod.config_db,Suffix,
diff --git a/lib/inets/src/inets_app/inets.appup.src b/lib/inets/src/inets_app/inets.appup.src
index d5fdf86a60..f4eb612881 100644
--- a/lib/inets/src/inets_app/inets.appup.src
+++ b/lib/inets/src/inets_app/inets.appup.src
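Review bot: The catch-all `ConvertedReqDate ->` clause in control_modification_data (hunk at line 253) hands every value other than `bad_date` to `calendar:universal_time_to_local_time/1` and `calendar:datetime_to_gregorian_seconds/1`, which can raise on a well-formed but out-of-range date. Whether `httpd_util:convert_request_date/1` range-checks its result is not visible in this hunk; if it does not, such a header still crashes the module and presumably ends in the generic 500 rather than the new 400. Matching `{Date, _Time} = ConvertedReqDate` and returning `{bad_date, LastModified0}` unless `calendar:valid_date(Date)` holds would close that path. Separately, the second `if` guard can be written `true ->`, because `FileTime >= FieldTime` is only evaluated after the first guard has failed.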
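Review bot: `"Bad date: " ++ BadDate` in the new send_return_value clause (hunk at line 285) copies the raw request header value into the third element of the status tuple. The phrase-args slot is `none`, so this text is presumably a log reason rather than response body, but where that element is consumed is decided outside this hunk. Since the branch name refers to XSS through a bad date header, confirm the string never reaches the HTML body unescaped, and bound its length if it is written to a log. A fixed reason, `{status, {400, none, "Bad date"}}`, avoids the question entirely; failing that, a one-line comment naming the consumer of the third element would help the next reader.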
@@ -18,11 +18,19 @@
 {"%VSN%",
 [
+ {"5.7.1",
+ [
+ {load_module, mod_responsecontrol, soft_purge, soft_purge, []},
+ {load_module, httpd_response, soft_purge, soft_purge, [mod_responsecontrol]}
+ ]
+ },
 {"5.7",
 [
 {load_module, httpd_request, soft_purge, soft_purge, []},
 {load_module, httpc_cookie, soft_purge, soft_purge, [http_util]},
- {load_module, http_util, soft_purge, soft_purge, []}
+ {load_module, http_util, soft_purge, soft_purge, []},
+ {load_module, mod_responsecontrol, soft_purge, soft_purge, []},
+ {load_module, httpd_response, soft_purge, soft_purge, [mod_responsecontrol]}
 ]
 },
 {"5.6",
@@ -32,6 +40,8 @@
 {load_module, http_transport, soft_purge, soft_purge, [http_transport]},
 {load_module, httpc_cookie, soft_purge, soft_purge, [http_util]},
 {load_module, http_util, soft_purge, soft_purge, []},
+ {load_module, mod_responsecontrol, soft_purge, soft_purge, []},
+ {load_module, httpd_response, soft_purge, soft_purge, [mod_responsecontrol]},
 {update, httpc_handler, soft, soft_purge, soft_purge, []},
 {update, httpc_manager, soft, soft_purge, soft_purge, [httpc_handler]},
 {update, ftp, soft, soft_purge, soft_purge, []}
@@ -59,11 +69,19 @@
 }
 ],
 [
+ {"5.7.1",
+ [
+ {load_module, mod_responsecontrol, soft_purge, soft_purge, []},
+ {load_module, httpd_response, soft_purge, soft_purge, [mod_responsecontrol]}
+ ]
+ },
 {"5.7",
 [
 {load_module, httpd_request, soft_purge, soft_purge, []},
 {load_module, httpc_cookie, soft_purge, soft_purge, [http_util]},
- {load_module, http_util, soft_purge, soft_purge, []}
+ {load_module, http_util, soft_purge, soft_purge, []},
+ {load_module, mod_responsecontrol, soft_purge, soft_purge, []},
+ {load_module, httpd_response, soft_purge, soft_purge, [mod_responsecontrol]}
 ]
 },
 {"5.6",
@@ -73,6 +91,8 @@
 {load_module, http_transport, soft_purge, soft_purge, [http_transport]},
 {load_module, httpc_cookie, soft_purge, soft_purge, [http_util]},
 {load_module, http_util, soft_purge, soft_purge, []},
+ {load_module, mod_responsecontrol, soft_purge, soft_purge, []},
+ {load_module, httpd_response, soft_purge, soft_purge, [mod_responsecontrol]},
 {update, httpc_handler, soft, soft_purge, soft_purge, []},
 {update, httpc_manager, soft, soft_purge, soft_purge, [httpc_handler]},
 {update, ftp, soft, soft_purge, soft_purge, []} |