Fix unprivileged behavior for -PU and others

If not root, fallback to TCP ping from ICMP was incorrectly obliterating
other -P* options without warning, leading to unexpected behavior and
inconsistent error messages (i.e. including -PE would silence all
warnings usually given with -PU)

nmap.cc

@@ -390,6 +390,18 @@ void validate_scan_lists(scan_lists &vports, NmapOps &vo) {
     }
   }
 
+  if (!vo.isr00t) {
+    if (vo.pingtype & (PINGTYPE_ICMP_PING | PINGTYPE_ICMP_MASK | PINGTYPE_ICMP_TS)) {
+      error("Warning:  You are not root -- using TCP pingscan rather than ICMP");
+      vo.pingtype &= ~(PINGTYPE_ICMP_PING | PINGTYPE_ICMP_MASK | PINGTYPE_ICMP_TS);
+      vo.pingtype |= PINGTYPE_TCP;
+      if (vports.syn_ping_count == 0) {
+        getpts_simple(DEFAULT_TCP_PROBE_PORT_SPEC, SCAN_TCP_PORT, &vports.syn_ping_ports, &vports.syn_ping_count);
+        assert(vports.syn_ping_count > 0);
+      }
+    }
+  }
+
   if ((vo.pingtype & PINGTYPE_TCP) && (!vo.isr00t)) {
     // We will have to do a connect() style ping
     // Pretend we wanted SYN probes all along.
@@ -417,16 +429,6 @@ void validate_scan_lists(scan_lists &vports, NmapOps &vo) {
     vo.pingtype |= PINGTYPE_TCP_USE_SYN;
   }
 
-  if (!vo.isr00t) {
-    if (vo.pingtype & (PINGTYPE_ICMP_PING | PINGTYPE_ICMP_MASK | PINGTYPE_ICMP_TS)) {
-      error("Warning:  You are not root -- using TCP pingscan rather than ICMP");
-      vo.pingtype = PINGTYPE_TCP;
-      if (vports.syn_ping_count == 0) {
-        getpts_simple(DEFAULT_TCP_PROBE_PORT_SPEC, SCAN_TCP_PORT, &vports.syn_ping_ports, &vports.syn_ping_count);
-        assert(vports.syn_ping_count > 0);
-      }
-    }
-  }
 }
 
 struct ftpinfo ftp = get_default_ftpinfo();