From 99ba65fc30685e613c138dc1f68acdc51732f86f Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@rspamd.com>
Date: Thu, 18 Dec 2025 16:13:23 +0000
Subject: [PATCH] [Fix] Prevent use-after-free in Redis callbacks after session
 cleanup

Set ud->terminated in lua_redis_fin() so async Redis callbacks
don't access task data after the task pool has been freed.
---
 src/lua/lua_redis.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/lua/lua_redis.c b/src/lua/lua_redis.c
index 214f6433ed..4f70025472 100644
--- a/src/lua/lua_redis.c
+++ b/src/lua/lua_redis.c
@@ -272,6 +272,8 @@ lua_redis_fin(void *arg)
 	msg_debug_lua_redis("finished redis query %p from session %p; refcount=%d",
 						sp_ud, ctx, ctx->ref.refcount);
 	sp_ud->flags |= LUA_REDIS_SPECIFIC_FINISHED;
+	/* Prevent callbacks from accessing task data after session cleanup */
+	ud->terminated = 1;
 
 	REDIS_RELEASE(ctx);
 }
-- 
2.47.3