Index: usr.sbin/bhyve/bhyverun.c
===================================================================
--- usr.sbin/bhyve/bhyverun.c
+++ usr.sbin/bhyve/bhyverun.c
@@ -233,8 +233,8 @@
 		"       -W: force virtio to use single-vector MSI\n"
 		"       -x: local apic is in x2APIC mode\n"
 		"       -Y: disable MPtable generation\n",
-		progname, (int)strlen(progname), "", (int)strlen(progname), "",
-		(int)strlen(progname), "");
+		progname, (int)strnlen(progname, PATH_MAX), "", (int)strnlen(progname, PATH_MAX), "",
+		(int)strnlen(progname, PATH_MAX), "");
 
 	exit(code);
 }
Index: usr.sbin/bhyve/smbiostbl.c
===================================================================
--- usr.sbin/bhyve/smbiostbl.c
+++ usr.sbin/bhyve/smbiostbl.c
@@ -558,7 +558,7 @@
 			int len;
 
 			string = template_strings[i];
-			len = strlen(string) + 1;
+			len = strnlen(string, SMBIOS_MAX_LENGTH) + 1;
 			memcpy(curaddr, string, len);
 			curaddr += len;
 		}
@@ -611,7 +611,7 @@
 			return (-1);
 
 		MD5Init(&mdctx);
-		MD5Update(&mdctx, vmname, strlen(vmname));
+		MD5Update(&mdctx, vmname, strnlen(vmname, PATH_MAX));
 		MD5Update(&mdctx, hostname, sizeof(hostname));
 		MD5Final(digest, &mdctx);
 
Index: usr.sbin/bhyve/usb_mouse.c
===================================================================
--- usr.sbin/bhyve/usb_mouse.c
+++ usr.sbin/bhyve/usb_mouse.c
@@ -70,6 +70,7 @@
 	UMSTR_MAX
 };
 
+#define UMOUSE_DESC_MAX_LEN	32
 static const char *umouse_desc_strings[] = {
 	"\x04\x09",
 	"BHYVE",
@@ -441,7 +442,7 @@
 				goto done;
 			}
 
-			slen = 2 + strlen(str) * 2;
+			slen = 2 + strnlen(str, UMOUSE_DESC_MAX_LEN) * 2;
 			udata[0] = slen;
 			udata[1] = UDESC_STRING;