archive.c: convert to use struct object_id
[gitweb.git] / refs.c
diff --git a/refs.c b/refs.c
index f8d59ab7f004a336b92dd2355ef4a518cef3231a..9edf18b04e7e29b12fa3808aab2239efcc404dca 100644 (file)
--- a/refs.c
+++ b/refs.c
@@ -70,16 +70,8 @@ static int check_refname_component(const char *refname, int flags)
 out:
        if (cp == refname)
                return 0; /* Component has zero length. */
-       if (refname[0] == '.') {
-               if (!(flags & REFNAME_DOT_COMPONENT))
-                       return -1; /* Component starts with '.'. */
-               /*
-                * Even if leading dots are allowed, don't allow "."
-                * as a component (".." is prevented by a rule above).
-                */
-               if (refname[1] == '\0')
-                       return -1; /* Component equals ".". */
-       }
+       if (refname[0] == '.')
+               return -1; /* Component starts with '.'. */
        if (cp - refname >= LOCK_SUFFIX_LEN &&
            !memcmp(cp - LOCK_SUFFIX_LEN, LOCK_SUFFIX, LOCK_SUFFIX_LEN))
                return -1; /* Refname ends with ".lock". */
@@ -195,8 +187,8 @@ struct ref_dir {
 
 /*
  * Bit values for ref_entry::flag.  REF_ISSYMREF=0x01,
- * REF_ISPACKED=0x02, and REF_ISBROKEN=0x04 are public values; see
- * refs.h.
+ * REF_ISPACKED=0x02, REF_ISBROKEN=0x04 and REF_BAD_NAME=0x08 are
+ * public values; see refs.h.
  */
 
 /*
@@ -204,16 +196,16 @@ struct ref_dir {
  * the correct peeled value for the reference, which might be
  * null_sha1 if the reference is not a tag or if it is broken.
  */
-#define REF_KNOWS_PEELED 0x08
+#define REF_KNOWS_PEELED 0x10
 
 /* ref_entry represents a directory of references */
-#define REF_DIR 0x10
+#define REF_DIR 0x20
 
 /*
  * Entry has not yet been read from disk (used only for REF_DIR
  * entries representing loose references)
  */
-#define REF_INCOMPLETE 0x20
+#define REF_INCOMPLETE 0x40
 
 /*
  * A ref_entry represents either a reference or a "subdirectory" of
@@ -282,6 +274,39 @@ static struct ref_dir *get_ref_dir(struct ref_entry *entry)
        return dir;
 }
 
+/*
+ * Check if a refname is safe.
+ * For refs that start with "refs/" we consider it safe as long they do
+ * not try to resolve to outside of refs/.
+ *
+ * For all other refs we only consider them safe iff they only contain
+ * upper case characters and '_' (like "HEAD" AND "MERGE_HEAD", and not like
+ * "config").
+ */
+static int refname_is_safe(const char *refname)
+{
+       if (starts_with(refname, "refs/")) {
+               char *buf;
+               int result;
+
+               buf = xmalloc(strlen(refname) + 1);
+               /*
+                * Does the refname try to escape refs/?
+                * For example: refs/foo/../bar is safe but refs/foo/../../bar
+                * is not.
+                */
+               result = !normalize_path_copy(buf, refname + strlen("refs/"));
+               free(buf);
+               return result;
+       }
+       while (*refname) {
+               if (!isupper(*refname) && *refname != '_')
+                       return 0;
+               refname++;
+       }
+       return 1;
+}
+
 static struct ref_entry *create_ref_entry(const char *refname,
                                          const unsigned char *sha1, int flag,
                                          int check_name)
@@ -290,8 +315,10 @@ static struct ref_entry *create_ref_entry(const char *refname,
        struct ref_entry *ref;
 
        if (check_name &&
-           check_refname_format(refname, REFNAME_ALLOW_ONELEVEL|REFNAME_DOT_COMPONENT))
+           check_refname_format(refname, REFNAME_ALLOW_ONELEVEL))
                die("Reference has invalid format: '%s'", refname);
+       if (!check_name && !refname_is_safe(refname))
+               die("Reference has invalid name: '%s'", refname);
        len = strlen(refname) + 1;
        ref = xmalloc(sizeof(struct ref_entry) + len);
        hashcpy(ref->u.value.sha1, sha1);
@@ -1041,8 +1068,10 @@ static const char PACKED_REFS_HEADER[] =
  * Return a pointer to the refname within the line (null-terminated),
  * or NULL if there was a problem.
  */
-static const char *parse_ref_line(char *line, unsigned char *sha1)
+static const char *parse_ref_line(struct strbuf *line, unsigned char *sha1)
 {
+       const char *ref;
+
        /*
         * 42: the answer to everything.
         *
@@ -1051,22 +1080,23 @@ static const char *parse_ref_line(char *line, unsigned char *sha1)
         *  +1 (space in between hex and name)
         *  +1 (newline at the end of the line)
         */
-       int len = strlen(line) - 42;
-
-       if (len <= 0)
+       if (line->len <= 42)
                return NULL;
-       if (get_sha1_hex(line, sha1) < 0)
+
+       if (get_sha1_hex(line->buf, sha1) < 0)
                return NULL;
-       if (!isspace(line[40]))
+       if (!isspace(line->buf[40]))
                return NULL;
-       line += 41;
-       if (isspace(*line))
+
+       ref = line->buf + 41;
+       if (isspace(*ref))
                return NULL;
-       if (line[len] != '\n')
+
+       if (line->buf[line->len - 1] != '\n')
                return NULL;
-       line[len] = 0;
+       line->buf[--line->len] = 0;
 
-       return line;
+       return ref;
 }
 
 /*
@@ -1099,16 +1129,15 @@ static const char *parse_ref_line(char *line, unsigned char *sha1)
 static void read_packed_refs(FILE *f, struct ref_dir *dir)
 {
        struct ref_entry *last = NULL;
-       char refline[PATH_MAX];
+       struct strbuf line = STRBUF_INIT;
        enum { PEELED_NONE, PEELED_TAGS, PEELED_FULLY } peeled = PEELED_NONE;
 
-       while (fgets(refline, sizeof(refline), f)) {
+       while (strbuf_getwholeline(&line, f, '\n') != EOF) {
                unsigned char sha1[20];
                const char *refname;
-               static const char header[] = "# pack-refs with:";
+               const char *traits;
 
-               if (!strncmp(refline, header, sizeof(header)-1)) {
-                       const char *traits = refline + sizeof(header) - 1;
+               if (skip_prefix(line.buf, "# pack-refs with:", &traits)) {
                        if (strstr(traits, " fully-peeled "))
                                peeled = PEELED_FULLY;
                        else if (strstr(traits, " peeled "))
@@ -1117,9 +1146,15 @@ static void read_packed_refs(FILE *f, struct ref_dir *dir)
                        continue;
                }
 
-               refname = parse_ref_line(refline, sha1);
+               refname = parse_ref_line(&line, sha1);
                if (refname) {
-                       last = create_ref_entry(refname, sha1, REF_ISPACKED, 1);
+                       int flag = REF_ISPACKED;
+
+                       if (check_refname_format(refname, REFNAME_ALLOW_ONELEVEL)) {
+                               hashclr(sha1);
+                               flag |= REF_BAD_NAME | REF_ISBROKEN;
+                       }
+                       last = create_ref_entry(refname, sha1, flag, 0);
                        if (peeled == PEELED_FULLY ||
                            (peeled == PEELED_TAGS && starts_with(refname, "refs/tags/")))
                                last->flag |= REF_KNOWS_PEELED;
@@ -1127,10 +1162,10 @@ static void read_packed_refs(FILE *f, struct ref_dir *dir)
                        continue;
                }
                if (last &&
-                   refline[0] == '^' &&
-                   strlen(refline) == PEELED_LINE_LENGTH &&
-                   refline[PEELED_LINE_LENGTH - 1] == '\n' &&
-                   !get_sha1_hex(refline + 1, sha1)) {
+                   line.buf[0] == '^' &&
+                   line.len == PEELED_LINE_LENGTH &&
+                   line.buf[PEELED_LINE_LENGTH - 1] == '\n' &&
+                   !get_sha1_hex(line.buf + 1, sha1)) {
                        hashcpy(last->u.value.peeled, sha1);
                        /*
                         * Regardless of what the file header said,
@@ -1140,6 +1175,8 @@ static void read_packed_refs(FILE *f, struct ref_dir *dir)
                        last->flag |= REF_KNOWS_PEELED;
                }
        }
+
+       strbuf_release(&line);
 }
 
 /*
@@ -1257,8 +1294,13 @@ static void read_loose_refs(const char *dirname, struct ref_dir *dir)
                                hashclr(sha1);
                                flag |= REF_ISBROKEN;
                        }
+                       if (check_refname_format(refname.buf,
+                                                REFNAME_ALLOW_ONELEVEL)) {
+                               hashclr(sha1);
+                               flag |= REF_BAD_NAME | REF_ISBROKEN;
+                       }
                        add_entry_to_dir(dir,
-                                        create_ref_entry(refname.buf, sha1, flag, 1));
+                                        create_ref_entry(refname.buf, sha1, flag, 0));
                }
                strbuf_setlen(&refname, dirnamelen);
        }
@@ -1377,10 +1419,10 @@ static struct ref_entry *get_packed_ref(const char *refname)
  * A loose ref file doesn't exist; check for a packed ref.  The
  * options are forwarded from resolve_safe_unsafe().
  */
-static const char *handle_missing_loose_ref(const char *refname,
-                                           int resolve_flags,
-                                           unsigned char *sha1,
-                                           int *flags)
+static int resolve_missing_loose_ref(const char *refname,
+                                    int resolve_flags,
+                                    unsigned char *sha1,
+                                    int *flags)
 {
        struct ref_entry *entry;
 
@@ -1393,14 +1435,15 @@ static const char *handle_missing_loose_ref(const char *refname,
                hashcpy(sha1, entry->u.value.sha1);
                if (flags)
                        *flags |= REF_ISPACKED;
-               return refname;
+               return 0;
        }
        /* The reference is not a packed reference, either. */
        if (resolve_flags & RESOLVE_REF_READING) {
-               return NULL;
+               errno = ENOENT;
+               return -1;
        } else {
                hashclr(sha1);
-               return refname;
+               return 0;
        }
 }
 
@@ -1411,13 +1454,29 @@ const char *resolve_ref_unsafe(const char *refname, int resolve_flags, unsigned
        ssize_t len;
        char buffer[256];
        static char refname_buffer[256];
+       int bad_name = 0;
 
        if (flags)
                *flags = 0;
 
        if (check_refname_format(refname, REFNAME_ALLOW_ONELEVEL)) {
-               errno = EINVAL;
-               return NULL;
+               if (flags)
+                       *flags |= REF_BAD_NAME;
+
+               if (!(resolve_flags & RESOLVE_REF_ALLOW_BAD_NAME) ||
+                   !refname_is_safe(refname)) {
+                       errno = EINVAL;
+                       return NULL;
+               }
+               /*
+                * dwim_ref() uses REF_ISBROKEN to distinguish between
+                * missing refs and refs that were present but invalid,
+                * to complain about the latter to stderr.
+                *
+                * We don't know whether the ref exists, so don't set
+                * REF_ISBROKEN yet.
+                */
+               bad_name = 1;
        }
        for (;;) {
                char path[PATH_MAX];
@@ -1443,11 +1502,17 @@ const char *resolve_ref_unsafe(const char *refname, int resolve_flags, unsigned
                 */
        stat_ref:
                if (lstat(path, &st) < 0) {
-                       if (errno == ENOENT)
-                               return handle_missing_loose_ref(refname,
-                                               resolve_flags, sha1, flags);
-                       else
+                       if (errno != ENOENT)
+                               return NULL;
+                       if (resolve_missing_loose_ref(refname, resolve_flags,
+                                                     sha1, flags))
                                return NULL;
+                       if (bad_name) {
+                               hashclr(sha1);
+                               if (flags)
+                                       *flags |= REF_ISBROKEN;
+                       }
+                       return refname;
                }
 
                /* Follow "normalized" - ie "refs/.." symlinks by hand */
@@ -1467,6 +1532,10 @@ const char *resolve_ref_unsafe(const char *refname, int resolve_flags, unsigned
                                refname = refname_buffer;
                                if (flags)
                                        *flags |= REF_ISSYMREF;
+                               if (resolve_flags & RESOLVE_REF_NO_RECURSE) {
+                                       hashclr(sha1);
+                                       return refname;
+                               }
                                continue;
                        }
                }
@@ -1516,6 +1585,11 @@ const char *resolve_ref_unsafe(const char *refname, int resolve_flags, unsigned
                                errno = EINVAL;
                                return NULL;
                        }
+                       if (bad_name) {
+                               hashclr(sha1);
+                               if (flags)
+                                       *flags |= REF_ISBROKEN;
+                       }
                        return refname;
                }
                if (flags)
@@ -1523,20 +1597,28 @@ const char *resolve_ref_unsafe(const char *refname, int resolve_flags, unsigned
                buf = buffer + 4;
                while (isspace(*buf))
                        buf++;
+               refname = strcpy(refname_buffer, buf);
+               if (resolve_flags & RESOLVE_REF_NO_RECURSE) {
+                       hashclr(sha1);
+                       return refname;
+               }
                if (check_refname_format(buf, REFNAME_ALLOW_ONELEVEL)) {
                        if (flags)
                                *flags |= REF_ISBROKEN;
-                       errno = EINVAL;
-                       return NULL;
+
+                       if (!(resolve_flags & RESOLVE_REF_ALLOW_BAD_NAME) ||
+                           !refname_is_safe(buf)) {
+                               errno = EINVAL;
+                               return NULL;
+                       }
+                       bad_name = 1;
                }
-               refname = strcpy(refname_buffer, buf);
        }
 }
 
 char *resolve_refdup(const char *ref, int resolve_flags, unsigned char *sha1, int *flags)
 {
-       const char *ret = resolve_ref_unsafe(ref, resolve_flags, sha1, flags);
-       return ret ? xstrdup(ret) : NULL;
+       return xstrdup_or_null(resolve_ref_unsafe(ref, resolve_flags, sha1, flags));
 }
 
 /* The argument to filter_refs */
@@ -2160,16 +2242,16 @@ static struct ref_lock *lock_ref_sha1_basic(const char *refname,
        int missing = 0;
        int attempts_remaining = 3;
 
-       if (check_refname_format(refname, REFNAME_ALLOW_ONELEVEL)) {
-               errno = EINVAL;
-               return NULL;
-       }
-
        lock = xcalloc(1, sizeof(struct ref_lock));
        lock->lock_fd = -1;
 
        if (mustexist)
                resolve_flags |= RESOLVE_REF_READING;
+       if (flags & REF_DELETING) {
+               resolve_flags |= RESOLVE_REF_ALLOW_BAD_NAME;
+               if (flags & REF_NODEREF)
+                       resolve_flags |= RESOLVE_REF_NO_RECURSE;
+       }
 
        refname = resolve_ref_unsafe(refname, resolve_flags,
                                     lock->old_sha1, &type);
@@ -2239,6 +2321,7 @@ static struct ref_lock *lock_ref_sha1_basic(const char *refname,
 
        lock->lock_fd = hold_lock_file_for_update(lock->lk, ref_file, lflags);
        if (lock->lock_fd < 0) {
+               last_errno = errno;
                if (errno == ENOENT && --attempts_remaining > 0)
                        /*
                         * Maybe somebody just deleted one of the
@@ -2246,8 +2329,13 @@ static struct ref_lock *lock_ref_sha1_basic(const char *refname,
                         * again:
                         */
                        goto retry;
-               else
-                       unable_to_lock_die(ref_file, errno);
+               else {
+                       struct strbuf err = STRBUF_INIT;
+                       unable_to_lock_message(ref_file, errno, &err);
+                       error("%s", err.buf);
+                       strbuf_release(&err);
+                       goto error_return;
+               }
        }
        return old_sha1 ? verify_lock(lock, old_sha1, mustexist) : lock;
 
@@ -2560,36 +2648,36 @@ static int curate_packed_ref_fn(struct ref_entry *entry, void *cb_data)
        return 0;
 }
 
-int repack_without_refs(const char **refnames, int n, struct strbuf *err)
+int repack_without_refs(struct string_list *refnames, struct strbuf *err)
 {
        struct ref_dir *packed;
        struct string_list refs_to_delete = STRING_LIST_INIT_DUP;
-       struct string_list_item *ref_to_delete;
-       int i, ret, removed = 0;
+       struct string_list_item *refname, *ref_to_delete;
+       int ret, needs_repacking = 0, removed = 0;
+
+       assert(err);
 
        /* Look for a packed ref */
-       for (i = 0; i < n; i++)
-               if (get_packed_ref(refnames[i]))
+       for_each_string_list_item(refname, refnames) {
+               if (get_packed_ref(refname->string)) {
+                       needs_repacking = 1;
                        break;
+               }
+       }
 
        /* Avoid locking if we have nothing to do */
-       if (i == n)
+       if (!needs_repacking)
                return 0; /* no refname exists in packed refs */
 
        if (lock_packed_refs(0)) {
-               if (err) {
-                       unable_to_lock_message(git_path("packed-refs"), errno,
-                                              err);
-                       return -1;
-               }
-               unable_to_lock_error(git_path("packed-refs"), errno);
-               return error("cannot delete '%s' from packed refs", refnames[i]);
+               unable_to_lock_message(git_path("packed-refs"), errno, err);
+               return -1;
        }
        packed = get_packed_refs(&ref_cache);
 
        /* Remove refnames from the cache */
-       for (i = 0; i < n; i++)
-               if (remove_entry(packed, refnames[i]) != -1)
+       for_each_string_list_item(refname, refnames)
+               if (remove_entry(packed, refname->string) != -1)
                        removed = 1;
        if (!removed) {
                /*
@@ -2609,7 +2697,7 @@ int repack_without_refs(const char **refnames, int n, struct strbuf *err)
 
        /* Write what remains */
        ret = commit_packed_refs();
-       if (ret && err)
+       if (ret)
                strbuf_addf(err, "unable to overwrite old ref-pack file: %s",
                            strerror(errno));
        return ret;
@@ -2617,6 +2705,8 @@ int repack_without_refs(const char **refnames, int n, struct strbuf *err)
 
 static int delete_ref_loose(struct ref_lock *lock, int flag, struct strbuf *err)
 {
+       assert(err);
+
        if (!(flag & REF_ISPACKED) || flag & REF_ISSYMREF) {
                /*
                 * loose.  The loose file name is the same as the
@@ -2884,10 +2974,10 @@ int log_ref_setup(const char *refname, char *logfile, int bufsize)
 
        logfd = open(logfile, oflags, 0666);
        if (logfd < 0) {
-               if (!(oflags & O_CREAT) && errno == ENOENT)
+               if (!(oflags & O_CREAT) && (errno == ENOENT || errno == EISDIR))
                        return 0;
 
-               if ((oflags & O_CREAT) && errno == EISDIR) {
+               if (errno == EISDIR) {
                        if (remove_empty_directories(logfile)) {
                                int save_errno = errno;
                                error("There are still logs under '%s'",
@@ -3326,29 +3416,54 @@ int for_each_reflog_ent_reverse(const char *refname, each_reflog_ent_fn fn, void
 
                        bp = find_beginning_of_line(buf, scanp);
 
-                       if (*bp != '\n') {
-                               strbuf_splice(&sb, 0, 0, buf, endp - buf);
-                               if (pos)
-                                       break; /* need to fill another block */
-                               scanp = buf - 1; /* leave loop */
-                       } else {
+                       if (*bp == '\n') {
                                /*
-                                * (bp + 1) thru endp is the beginning of the
-                                * current line we have in sb
+                                * The newline is the end of the previous line,
+                                * so we know we have complete line starting
+                                * at (bp + 1). Prefix it onto any prior data
+                                * we collected for the line and process it.
                                 */
                                strbuf_splice(&sb, 0, 0, bp + 1, endp - (bp + 1));
                                scanp = bp;
                                endp = bp + 1;
+                               ret = show_one_reflog_ent(&sb, fn, cb_data);
+                               strbuf_reset(&sb);
+                               if (ret)
+                                       break;
+                       } else if (!pos) {
+                               /*
+                                * We are at the start of the buffer, and the
+                                * start of the file; there is no previous
+                                * line, and we have everything for this one.
+                                * Process it, and we can end the loop.
+                                */
+                               strbuf_splice(&sb, 0, 0, buf, endp - buf);
+                               ret = show_one_reflog_ent(&sb, fn, cb_data);
+                               strbuf_reset(&sb);
+                               break;
                        }
-                       ret = show_one_reflog_ent(&sb, fn, cb_data);
-                       strbuf_reset(&sb);
-                       if (ret)
+
+                       if (bp == buf) {
+                               /*
+                                * We are at the start of the buffer, and there
+                                * is more file to read backwards. Which means
+                                * we are in the middle of a line. Note that we
+                                * may get here even if *bp was a newline; that
+                                * just means we are at the exact end of the
+                                * previous line, rather than some spot in the
+                                * middle.
+                                *
+                                * Save away what we have to be combined with
+                                * the data from the next read.
+                                */
+                               strbuf_splice(&sb, 0, 0, buf, endp - buf);
                                break;
+                       }
                }
 
        }
        if (!ret && sb.len)
-               ret = show_one_reflog_ent(&sb, fn, cb_data);
+               die("BUG: reverse reflog parser had leftover data");
 
        fclose(logfp);
        strbuf_release(&sb);
@@ -3472,6 +3587,8 @@ struct ref_transaction {
 
 struct ref_transaction *ref_transaction_begin(struct strbuf *err)
 {
+       assert(err);
+
        return xcalloc(1, sizeof(struct ref_transaction));
 }
 
@@ -3511,12 +3628,21 @@ int ref_transaction_update(struct ref_transaction *transaction,
 {
        struct ref_update *update;
 
+       assert(err);
+
        if (transaction->state != REF_TRANSACTION_OPEN)
                die("BUG: update called for transaction that is not open");
 
        if (have_old && !old_sha1)
                die("BUG: have_old is true but old_sha1 is NULL");
 
+       if (!is_null_sha1(new_sha1) &&
+           check_refname_format(refname, REFNAME_ALLOW_ONELEVEL)) {
+               strbuf_addf(err, "refusing to update ref with bad name %s",
+                           refname);
+               return -1;
+       }
+
        update = add_update(transaction, refname);
        hashcpy(update->new_sha1, new_sha1);
        update->flags = flags;
@@ -3536,12 +3662,20 @@ int ref_transaction_create(struct ref_transaction *transaction,
 {
        struct ref_update *update;
 
+       assert(err);
+
        if (transaction->state != REF_TRANSACTION_OPEN)
                die("BUG: create called for transaction that is not open");
 
        if (!new_sha1 || is_null_sha1(new_sha1))
                die("BUG: create ref with null new_sha1");
 
+       if (check_refname_format(refname, REFNAME_ALLOW_ONELEVEL)) {
+               strbuf_addf(err, "refusing to create ref with bad name %s",
+                           refname);
+               return -1;
+       }
+
        update = add_update(transaction, refname);
 
        hashcpy(update->new_sha1, new_sha1);
@@ -3561,6 +3695,8 @@ int ref_transaction_delete(struct ref_transaction *transaction,
 {
        struct ref_update *update;
 
+       assert(err);
+
        if (transaction->state != REF_TRANSACTION_OPEN)
                die("BUG: delete called for transaction that is not open");
 
@@ -3623,13 +3759,14 @@ static int ref_update_reject_duplicates(struct ref_update **updates, int n,
                                        struct strbuf *err)
 {
        int i;
+
+       assert(err);
+
        for (i = 1; i < n; i++)
                if (!strcmp(updates[i - 1]->refname, updates[i]->refname)) {
-                       const char *str =
-                               "Multiple updates for ref '%s' not allowed.";
-                       if (err)
-                               strbuf_addf(err, str, updates[i]->refname);
-
+                       strbuf_addf(err,
+                                   "Multiple updates for ref '%s' not allowed.",
+                                   updates[i]->refname);
                        return 1;
                }
        return 0;
@@ -3638,10 +3775,13 @@ static int ref_update_reject_duplicates(struct ref_update **updates, int n,
 int ref_transaction_commit(struct ref_transaction *transaction,
                           struct strbuf *err)
 {
-       int ret = 0, delnum = 0, i;
-       const char **delnames;
+       int ret = 0, i;
        int n = transaction->nr;
        struct ref_update **updates = transaction->updates;
+       struct string_list refs_to_delete = STRING_LIST_INIT_NODUP;
+       struct string_list_item *ref_to_delete;
+
+       assert(err);
 
        if (transaction->state != REF_TRANSACTION_OPEN)
                die("BUG: commit called for transaction that is not open");
@@ -3651,9 +3791,6 @@ int ref_transaction_commit(struct ref_transaction *transaction,
                return 0;
        }
 
-       /* Allocate work space */
-       delnames = xmalloc(sizeof(*delnames) * n);
-
        /* Copy, sort, and reject duplicate refs */
        qsort(updates, n, sizeof(*updates), ref_update_compare);
        if (ref_update_reject_duplicates(updates, n, err)) {
@@ -3664,21 +3801,23 @@ int ref_transaction_commit(struct ref_transaction *transaction,
        /* Acquire all locks while verifying old values */
        for (i = 0; i < n; i++) {
                struct ref_update *update = updates[i];
+               int flags = update->flags;
 
+               if (is_null_sha1(update->new_sha1))
+                       flags |= REF_DELETING;
                update->lock = lock_ref_sha1_basic(update->refname,
                                                   (update->have_old ?
                                                    update->old_sha1 :
                                                    NULL),
                                                   NULL,
-                                                  update->flags,
+                                                  flags,
                                                   &update->type);
                if (!update->lock) {
                        ret = (errno == ENOTDIR)
                                ? TRANSACTION_NAME_CONFLICT
                                : TRANSACTION_GENERIC_ERROR;
-                       if (err)
-                               strbuf_addf(err, "Cannot lock the ref '%s'.",
-                                           update->refname);
+                       strbuf_addf(err, "Cannot lock the ref '%s'.",
+                                   update->refname);
                        goto cleanup;
                }
        }
@@ -3691,9 +3830,8 @@ int ref_transaction_commit(struct ref_transaction *transaction,
                        if (write_ref_sha1(update->lock, update->new_sha1,
                                           update->msg)) {
                                update->lock = NULL; /* freed by write_ref_sha1 */
-                               if (err)
-                                       strbuf_addf(err, "Cannot update the ref '%s'.",
-                                                   update->refname);
+                               strbuf_addf(err, "Cannot update the ref '%s'.",
+                                           update->refname);
                                ret = TRANSACTION_GENERIC_ERROR;
                                goto cleanup;
                        }
@@ -3706,18 +3844,23 @@ int ref_transaction_commit(struct ref_transaction *transaction,
                struct ref_update *update = updates[i];
 
                if (update->lock) {
-                       if (delete_ref_loose(update->lock, update->type, err))
+                       if (delete_ref_loose(update->lock, update->type, err)) {
                                ret = TRANSACTION_GENERIC_ERROR;
+                               goto cleanup;
+                       }
 
                        if (!(update->flags & REF_ISPRUNING))
-                               delnames[delnum++] = update->lock->ref_name;
+                               string_list_append(&refs_to_delete,
+                                                  update->lock->ref_name);
                }
        }
 
-       if (repack_without_refs(delnames, delnum, err))
+       if (repack_without_refs(&refs_to_delete, err)) {
                ret = TRANSACTION_GENERIC_ERROR;
-       for (i = 0; i < delnum; i++)
-               unlink_or_warn(git_path("logs/%s", delnames[i]));
+               goto cleanup;
+       }
+       for_each_string_list_item(ref_to_delete, &refs_to_delete)
+               unlink_or_warn(git_path("logs/%s", ref_to_delete->string));
        clear_loose_ref_cache(&ref_cache);
 
 cleanup:
@@ -3726,7 +3869,7 @@ int ref_transaction_commit(struct ref_transaction *transaction,
        for (i = 0; i < n; i++)
                if (updates[i]->lock)
                        unlock_ref(updates[i]->lock);
-       free(delnames);
+       string_list_clear(&refs_to_delete, 0);
        return ret;
 }