HttpHeaders TryParse can throw

[MihaZupan]

Found by https://github.com/dotnet/runtime/blob/main/src/libraries/Fuzzing/DotnetFuzzing/Fuzzers/HttpHeadersFuzzer.cs

var headers = new HttpRequestMessage().Headers;
headers.TryAddWithoutValidation("Via", "a\t\u2000");
_ = headers.ToArray();

System.ArgumentException: The value cannot be an empty string or composed entirely of whitespace. (Parameter 'receivedBy')
   at System.ArgumentException.ThrowNullOrWhiteSpaceException(String argument, String paramName)
   at System.ArgumentException.ThrowIfNullOrWhiteSpace(String argument, String paramName)
   at System.Net.Http.Headers.ViaHeaderValue.CheckReceivedBy(String receivedBy)
   at System.Net.Http.Headers.ViaHeaderValue..ctor(String protocolVersion, String receivedBy, String protocolName, String comment)
   at System.Net.Http.Headers.ViaHeaderValue.GetViaLength(String input, Int32 startIndex, Object& parsedValue)
   at System.Net.Http.Headers.GenericHeaderParser.GetParsedValueLength(String value, Int32 startIndex, Object storeValue, Object& parsedValue)
   at System.Net.Http.Headers.BaseHeaderParser.TryParseValue(String value, Object storeValue, Int32& index, Object& parsedValue)
   at System.Net.Http.Headers.HttpHeaders.TryParseAndAddRawHeaderValue(HeaderDescriptor descriptor, HeaderStoreItemInfo info, String value, Boolean addWhenInvalid)
   at System.Net.Http.Headers.HttpHeaders.ParseSingleRawHeaderValue(HeaderStoreItemInfo info, HeaderDescriptor descriptor, String rawValue)
   at System.Net.Http.Headers.HttpHeaders.ParseRawHeaderValues(HeaderDescriptor descriptor, HeaderStoreItemInfo info)
   at System.Net.Http.Headers.HttpHeaders.GetEnumeratorCore()+MoveNext()
   at DotnetFuzzing.Fuzzers.HttpHeadersFuzzer.g__Test|10_0(HttpHeaders headers, String name, String value) in D:\a\_work\1\s\src\libraries\Fuzzing\DotnetFuzzing\Fuzzers\HttpHeadersFuzzer.cs:line 62
   at DotnetFuzzing.Fuzzers.HttpHeadersFuzzer.FuzzTarget(ReadOnlySpan`1 bytes) in D:\a\_work\1\s\src\libraries\Fuzzing\DotnetFuzzing\Fuzzers\HttpHeadersFuzzer.cs:line 50
   at SharpFuzz.Fuzzer.LibFuzzer.Run(ReadOnlySpanAction action, Boolean ignoreExceptions)

---

var headers = new HttpRequestMessage().Headers;
headers.TryAddWithoutValidation("Warning", "1 \u2000 \"\"");
_ = headers.ToArray();

System.ArgumentException: The value cannot be an empty string or composed entirely of whitespace. (Parameter 'agent')
   at System.ArgumentException.ThrowNullOrWhiteSpaceException(String argument, String paramName)
   at System.ArgumentException.ThrowIfNullOrWhiteSpace(String argument, String paramName)
   at System.Net.Http.Headers.WarningHeaderValue.CheckAgent(String agent)
   at System.Net.Http.Headers.WarningHeaderValue..ctor(Int32 code, String agent, String text)
   at System.Net.Http.Headers.WarningHeaderValue.GetWarningLength(String input, Int32 startIndex, Object& parsedValue)
   at System.Net.Http.Headers.GenericHeaderParser.GetParsedValueLength(String value, Int32 startIndex, Object storeValue, Object& parsedValue)
   at System.Net.Http.Headers.BaseHeaderParser.TryParseValue(String value, Object storeValue, Int32& index, Object& parsedValue)
   at System.Net.Http.Headers.HttpHeaders.TryParseAndAddRawHeaderValue(HeaderDescriptor descriptor, HeaderStoreItemInfo info, String value, Boolean addWhenInvalid)
   at System.Net.Http.Headers.HttpHeaders.ParseSingleRawHeaderValue(HeaderStoreItemInfo info, HeaderDescriptor descriptor, String rawValue)
   at System.Net.Http.Headers.HttpHeaders.ParseRawHeaderValues(HeaderDescriptor descriptor, HeaderStoreItemInfo info)
   at System.Net.Http.Headers.HttpHeaders.GetEnumeratorCore()+MoveNext()
   at DotnetFuzzing.Fuzzers.HttpHeadersFuzzer.g__Test|10_0(HttpHeaders headers, String name, String value) in D:\a\_work\1\s\src\libraries\Fuzzing\DotnetFuzzing\Fuzzers\HttpHeadersFuzzer.cs:line 62
   at DotnetFuzzing.Fuzzers.HttpHeadersFuzzer.FuzzTarget(ReadOnlySpan`1 bytes) in D:\a\_work\1\s\src\libraries\Fuzzing\DotnetFuzzing\Fuzzers\HttpHeadersFuzzer.cs:line 50
   at SharpFuzz.Fuzzer.LibFuzzer.Run(ReadOnlySpanAction action, Boolean ignoreExceptions)

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

[MihaZupan]

Given that this appears with \u2000, my guess would be this is due to a mismatch of which characters our parsing logic considers as whitespace vs. ArgumentException.ThrowIfNullOrWhiteSpace.

[GMPrakhar]

I don't understand the issue here. The unicode character "\u2000" is en quad, which is a whitespace character. This is evident from the string method for checking whitespace chars:

Is the issue to change the fuzzer logic to not include these characters as well?

[MihaZupan]

The issue is that enumerating a header collection should never throw, even if we encounter invalid values that were added via TryAddWithoutValidation.
In this case it's likely that the header value constructors are being too strict by validating any whitespace characters, whereas the parsing logic is more limited (may only recognize Ascii space and tab for example).

We should change the logic here such that we don't throw anymore, likely by only looking for the relevant whitespace characters as part of ctor validation.

On a side note, we shouldn't be using validating constructors from TryParse in the first place as that's just wasted cycles to do validation twice.