CVE-2019-3558

A malicious client sends a crafted Thrift message containing a container (list, set, map) whose element type field is set to an invalid or unknown type value. Because the server's `skip()` routine silently returns on unknown types, the server does not advance its read cursor properly and may loop indefinitely or spend excessive time attempting to parse the malformed container. This allows an attacker to cause a denial of service by sending a short message that triggers a long parse time on the server [ref_id=1].

The vulnerability resides in the `skip()` function within the Thrift protocol layer. In the C++ implementation, the `default:` case of the `skip()` function in `TProtocol.cpp` simply returned without error when encountering an unknown type. In the Python implementation, the `skip()` method in `TProtocol.py` also silently returned for unknown types. The patch modifies both the C++ `skip()` function and the Python `skip()` method to throw a `TProtocolException` with `INVALID_DATA` when an unrecognized type is encountered [ref_id=1].

The fix adds a `throwInvalidSkipType()` method to `TProtocolException` and modifies the `skip()` function's default case to call it instead of silently returning. In the Python implementation, the `skip()` method's final `else` clause now raises a `TProtocolException` with `INVALID_DATA` for any unrecognized type. This ensures that when the server encounters an invalid field/element type during skipping, it immediately throws an exception and stops processing the malformed message, preventing the denial-of-service condition [ref_id=1].