[802.11] Fix a use-after-free

When we received an encrypted packet, after replacing it with its
decrypted version and freeing the encrypted original, we would
continue to look at the header of the now-freed original packet. Fix
by moving the header pointer to point at the decrypted packet instead.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/net/80211/net80211.c

@@ -2720,6 +2720,7 @@ void net80211_rx ( struct net80211_device *dev, struct io_buffer *iob,
 		}
 		free_iob ( iob );
 		iob = niob;
+		hdr = iob->data;
 	}
 
 	dev->last_signal = signal;