Pull request #5195: dns: prevent unbounded TCP session vector growth
authorShijin Bose (shibose) <shibose@cisco.com>
Tue, 17 Mar 2026 08:37:46 +0000 (08:37 +0000)
committerShanmugam S (shanms) <shanms@cisco.com>
Tue, 17 Mar 2026 08:37:46 +0000 (08:37 +0000)
Merge in SNORT/snort3 from ~SHIBOSE/snort3:dns_clear_vector to master

Squashed commit of the following:

commit 5eb34aa47df3367b988c082c47427f31d8e745d8
Author: shibose <shibose@cisco.com>
Date:   Thu Feb 26 14:31:50 2026 +0530

    dns: prevent unbounded TCP session vector growth

src/service_inspectors/dns/dns.cc

index 44de44a99f943862df1412f4abb3af3e4df9419c..2195fb822b20b06235f536c4366017b90ab0b170 100644 (file)
@@ -901,6 +901,13 @@ static void ParseDNSResponseMessage(Packet* p, DNSData* dnsSessionData, bool& ne
         // For DNS over TCP, the reused event object may hold domain names and IP addresses extracted
         // from previous DNS response message which must be cleared before processing a new DNS message.
         dnsSessionData->dns_events.clear_data();
+
+        // Clear resource record vectors to prevent unbounded growth across transactions
+        // These vectors should only contain data for the current DNS transaction, not accumulated
+        // data from all previous transactions in this long-lived TCP session.
+        dnsSessionData->answer_tabs.clear();
+        dnsSessionData->auth_tabs.clear();
+        dnsSessionData->addl_tabs.clear();
     }
 
     while (bytes_unused)
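Review bot: `clear()` on the three `*_tabs` containers at lines 28–30 drops the elements but keeps the allocated capacity, so per-session memory settles at the largest single response seen rather than returning to zero; that is bounded by the maximum DNS message size and so is acceptable, but the new comment should say it, since the stated goal is bounding growth. I would extend the comment block with `// clear() keeps capacity: the footprint is bounded by the largest single message, not reset` — or, if these are std::vector members (the commit text calls them vectors) and per-session memory matters more than reallocation cost, swap each with an empty vector instead of calling clear(). The condition guarding this block and the rest of ParseDNSResponseMessage are outside the hunk, so whether every new-message path in a long-lived TCP session passes through it cannot be confirmed from here.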