From 53752093d769519d836c18338850912d05d0699d Mon Sep 17 00:00:00 2001
From: dmiller
Date: Mon, 27 Nov 2023 23:05:02 +0000
Subject: [PATCH] Fix unprivileged behavior for -PU and others

If not root, fallback to TCP ping from ICMP was incorrectly obliterating other -P* options without warning, leading to unexpected behavior and inconsistent error messages (i.e. including -PE would silence all warnings usually given with -PU)
---
 nmap.cc | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/nmap.cc b/nmap.cc
index 9c3dc9e8f..a52b7370e 100644
--- a/nmap.cc
+++ b/nmap.cc
@@ -390,6 +390,18 @@ void validate_scan_lists(scan_lists &vports, NmapOps &vo) {
 }
 }
+ if (!vo.isr00t) {
+ if (vo.pingtype & (PINGTYPE_ICMP_PING | PINGTYPE_ICMP_MASK | PINGTYPE_ICMP_TS)) {
+ error("Warning: You are not root -- using TCP pingscan rather than ICMP");
+ vo.pingtype &= ~(PINGTYPE_ICMP_PING | PINGTYPE_ICMP_MASK | PINGTYPE_ICMP_TS);
+ vo.pingtype |= PINGTYPE_TCP;
+ if (vports.syn_ping_count == 0) {
+ getpts_simple(DEFAULT_TCP_PROBE_PORT_SPEC, SCAN_TCP_PORT, &vports.syn_ping_ports, &vports.syn_ping_count);
+ assert(vports.syn_ping_count > 0);
+ }
+ }
+ }
+
 if ((vo.pingtype & PINGTYPE_TCP) && (!vo.isr00t)) {
 // We will have to do a connect() style ping
 // Pretend we wanted SYN probes all along.
@@ -417,16 +429,6 @@ void validate_scan_lists(scan_lists &vports, NmapOps &vo) {
 vo.pingtype |= PINGTYPE_TCP_USE_SYN;
 }
- if (!vo.isr00t) {
- if (vo.pingtype & (PINGTYPE_ICMP_PING | PINGTYPE_ICMP_MASK | PINGTYPE_ICMP_TS)) {
- error("Warning: You are not root -- using TCP pingscan rather than ICMP");
- vo.pingtype = PINGTYPE_TCP;
- if (vports.syn_ping_count == 0) {
- getpts_simple(DEFAULT_TCP_PROBE_PORT_SPEC, SCAN_TCP_PORT, &vports.syn_ping_ports, &vports.syn_ping_count);
- assert(vports.syn_ping_count > 0);
- }
- }
- }
 }
 struct ftpinfo ftp = get_default_ftpinfo();
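Review bot: The added `if (!vo.isr00t)` block in the first hunk now sits directly ahead of the `(vo.pingtype & PINGTYPE_TCP) && (!vo.isr00t)` check, and its position looks load-bearing, but nothing in the code records that. It sets `PINGTYPE_TCP` and fills `syn_ping_ports`, which the connect()-style fixup below appears to consume, so a later reordering could silently bring back inconsistent unprivileged behaviour. I would add a comment above the block such as `// Must run before the connect()-ping fixup below: it acts on the PINGTYPE_TCP bit and SYN ping ports set here; only the ICMP bits are cleared so other -P* options keep their own checks.` The ICMP mask is also spelled out twice, in the test and in the clear; hoisting it into one local, e.g. `const int icmp_types = PINGTYPE_ICMP_PING | PINGTYPE_ICMP_MASK | PINGTYPE_ICMP_TS;`, keeps the two from drifting apart. The body of validate_scan_lists starts and ends outside this hunk, so the interaction with the later block is inferred from the visible lines only.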