nvmet-tcp: add bounds check on Transfer Tag
In the Linux kernel, the following vulnerability has been resolved:
ttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(), add a bounds check to avoid out-of-bounds access.