From 3cc4b8bac493d4a34ff383b87854c034b80b92ea Mon Sep 17 00:00:00 2001
From: Brian Kassouf <bkassouf@hashicorp.com>
Date: Tue, 15 Nov 2022 09:37:18 -0800
Subject: [PATCH 1/2] Barrier: Fix potential locking issue

---
 vault/barrier_aes_gcm.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/vault/barrier_aes_gcm.go b/vault/barrier_aes_gcm.go
index a531bacd434fd..b6f6d96df97f8 100644
--- a/vault/barrier_aes_gcm.go
+++ b/vault/barrier_aes_gcm.go
@@ -1069,11 +1069,13 @@ func (b *AESGCMBarrier) Decrypt(_ context.Context, key string, ciphertext []byte
 	}
 
 	if len(ciphertext) == 0 {
+		b.l.RUnlock()
 		return nil, fmt.Errorf("empty ciphertext")
 	}
 
 	// Verify the term
 	if len(ciphertext) < 4 {
+		b.l.RUnlock()
 		return nil, fmt.Errorf("invalid ciphertext term")
 	}
 	term := binary.BigEndian.Uint32(ciphertext[:4])

From 57aed6037bb08c1d049cff39bc4643afa98f1227 Mon Sep 17 00:00:00 2001
From: Brian Kassouf <bkassouf@hashicorp.com>
Date: Tue, 15 Nov 2022 09:39:45 -0800
Subject: [PATCH 2/2] add changelog

---
 changelog/17944.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changelog/17944.txt

diff --git a/changelog/17944.txt b/changelog/17944.txt
new file mode 100644
index 0000000000000..2ce17ca360c6d
--- /dev/null
+++ b/changelog/17944.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: Fix potential deadlock if barrier ciphertext is less than 4 bytes.
+```