From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Fri, 31 Oct 2025 19:27:48 +0000 (-0300)
Subject: lib: add TLSSocket default error handler
X-Git-Tag: archive/raspbian/18.20.4+dfsg-1_deb12u2+rpi1^2~9
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e0c1373bd26802fabdf3241553e980fbb287008d;p=nodejs.git

lib: add TLSSocket default error handler

This prevents the server from crashing due to an unhandled rejection
when a TLSSocket connection is abruptly destroyed during initialization
and the user has not attached an error handler to the socket.
e.g:

```js
const server = http2.createSecureServer({ ... })
server.on('secureConnection', socket => {
  socket.on('error', err => {
    console.log(err)
  })
})
```

PR-URL: https://github.com/nodejs-private/node-private/pull/797
Fixes: https://github.com/nodejs/node/issues/44751
Refs: https://hackerone.com/bugs?subject=nodejs&report_id=3262404
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
CVE-ID: CVE-2025-59465

Gbp-Pq: Name CVE-2025-59465.patch
---

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 909f36dd0..d27bd80a2 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -1234,6 +1234,7 @@ function tlsConnectionListener(rawSocket) {
   socket[kErrorEmitted] = false;
   socket.on('close', onSocketClose);
   socket.on('_tlsError', onSocketTLSError);
+  socket.on('error', onSocketTLSError);
 }
 
 // AUTHENTICATION MODES