[WinHTTP] Validate header values for ASCII

[ManickaP]

We pass headers to WinHTTP.dll without any validation of their values:

runtime/src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpHandler.cs

Line 742 in cc37009

requestHeadersBuffer.AppendLine(requestMessage.Headers.ToString());

We should validate the values to be well-formed the same way as SocketsHttpHandler does:

runtime/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/HttpConnection.cs

Line 509 in a37502b

OperationStatus status = Ascii.FromUtf16(s, buffer, out int bytesWritten);

I.e. For ASCII chars.

See RFC for header values: https://www.rfc-editor.org/rfc/rfc9110.html#name-field-values

Note: it allows up to the full byte to allow encoding like Latin-1 for historical purposes.

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

[wfurt]

What is the impact? It seems like this would be low risk, right? And it may be responsibility of WinHttp to do whatever validation they deem necessary.