From a60052853224f18d93baefa75dffc3f5ec7c3baf Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Tue, 17 Jun 2025 21:50:10 +0000
Subject: [PATCH] Set ss_family when generating random decoys. Fixes #2757.

---
 CHANGELOG | 3 +++
 nmap.cc   | 7 +++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 266432ced..60f82855d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-
 
+o [GH#2757] Fix a crash in traceroute when using randomly-generated decoys:
+  "Assertion `source->ss_family == AF_INET' failed" [Daniel Miller]
+
 o [GH#2899] When IP protocol scanning on IPv6 (-sO -6), skip protocol numbers
   that are registered as Extension Header values. When the --data option was
   used, these would fail the assertion "len == (u32) ntohs(ip6->ip6_plen)"
diff --git a/nmap.cc b/nmap.cc
index 8d0256037..7e7e67538 100644
--- a/nmap.cc
+++ b/nmap.cc
@@ -1780,9 +1780,12 @@ void  apply_delayed_options() {
           fatal("You are only allowed %d decoys (if you need more redefine MAX_DECOYS in nmap.h)", MAX_DECOYS);
 
         while (i--) {
+          sockaddr_storage *ss = &o.decoys[o.numdecoys];
+          memset(ss, 0, sizeof(sockaddr_storage));
+          ss->ss_family = AF_INET;
           do {
-            ((struct sockaddr_in *)&o.decoys[o.numdecoys])->sin_addr.s_addr = get_random_u32();
-          } while (ip_is_reserved(&o.decoys[o.numdecoys]));
+            ((struct sockaddr_in *)ss)->sin_addr.s_addr = get_random_u32();
+          } while (ip_is_reserved(ss));
           o.numdecoys++;
         }
       } else {