lib: add TLSSocket default error handler

RafaelGSS · RafaelGSS · commit 4ba536a5a6c3 · 2026-01-09T18:23:25.000-03:00
This prevents the server from crashing due to an unhandled rejection when a TLSSocket connection is abruptly destroyed during initialization and the user has not attached an error handler to the socket. e.g: ```js const server = http2.createSecureServer({ ... }) server.on('secureConnection', socket => { socket.on('error', err => { console.log(err) }) }) ``` PR-URL: nodejs-private/node-private#797 Fixes: #44751 Refs: https://hackerone.com/bugs?subject=nodejs&report_id=3262404 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> CVE-ID: CVE-2025-59465
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
@@ -1269,6 +1269,7 @@ function tlsConnectionListener(rawSocket) {
   socket[kErrorEmitted] = false;
   socket.on('close', onSocketClose);
   socket.on('_tlsError', onSocketTLSError);
+  socket.on('error', onSocketTLSError);
 }
 
 // AUTHENTICATION MODES

Original file line number	Diff line number	Diff line change
`@@ -1269,6 +1269,7 @@ function tlsConnectionListener(rawSocket) {`
`1269`	`1269`	`socket[kErrorEmitted] = false;`
`1270`	`1270`	`socket.on('close', onSocketClose);`
`1271`	`1271`	`socket.on('_tlsError', onSocketTLSError);`
	`1272`	`+ socket.on('error', onSocketTLSError);`
`1272`	`1273`	`}`
`1273`	`1274`
`1274`	`1275`	`// AUTHENTICATION MODES`