nl80211: Avoid infinite loop when searching a BSS

When hostapd is removing a virtual BSS interface, the loop here was
incorrectly not updating the iterator during list traversal and
ended up in an infinite loop in some cases.

src/drivers/driver_nl80211.c

@@ -5775,16 +5775,19 @@ static int wpa_driver_nl80211_if_remove(void *priv,
 		return 0;
 
 	if (bss != &drv->first_bss) {
-		struct i802_bss *tbss = &drv->first_bss;
+		struct i802_bss *tbss;
 
-		while (tbss) {
-			if (tbss->next != bss)
-				continue;
-
-			tbss->next = bss->next;
-			os_free(bss);
-			break;
+		for (tbss = &drv->first_bss; tbss; tbss = tbss->next) {
+			if (tbss->next == bss) {
+				tbss->next = bss->next;
+				os_free(bss);
+				bss = NULL;
+				break;
+			}
 		}
+		if (bss)
+			wpa_printf(MSG_INFO, "nl80211: %s - could not find "
+				   "BSS %p in the list", __func__, bss);
 	}
 #endif /* HOSTAPD */