From e0c1373bd26802fabdf3241553e980fbb287008d Mon Sep 17 00:00:00 2001
From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Fri, 31 Oct 2025 16:27:48 -0300
Subject: [PATCH] lib: add TLSSocket default error handler

This prevents the server from crashing due to an unhandled rejection
when a TLSSocket connection is abruptly destroyed during initialization
and the user has not attached an error handler to the socket.
e.g:

```js
const server = http2.createSecureServer({ ... })
server.on('secureConnection', socket => {
  socket.on('error', err => {
    console.log(err)
  })
})
```

PR-URL: https://github.com/nodejs-private/node-private/pull/797
Fixes: https://github.com/nodejs/node/issues/44751
Refs: https://hackerone.com/bugs?subject=nodejs&report_id=3262404
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
CVE-ID: CVE-2025-59465

Gbp-Pq: Name CVE-2025-59465.patch
---
 lib/_tls_wrap.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 909f36dd0..d27bd80a2 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -1234,6 +1234,7 @@ function tlsConnectionListener(rawSocket) {
   socket[kErrorEmitted] = false;
   socket.on('close', onSocketClose);
   socket.on('_tlsError', onSocketTLSError);
+  socket.on('error', onSocketTLSError);
 }
 
 // AUTHENTICATION MODES
-- 
2.30.2