read_frame was misuing the packet length in the following ways:
- returning non-zero even if buf_len is too short for the packet
- truncating the length to buf_len if len is too long then using the
  truncated (i.e. wrong) length to index into the buffer
- memcpying too many bytes (used buf_len instead of real length)

This commit fixes all of this and adds some code to report
on packet length errors (to match with cc2538 driver).