diff --git a/usr.sbin/bhyve/bhyverun.c b/usr.sbin/bhyve/bhyverun.c
index 7be2b0287b8d..dc6e47a22f8d 100644
--- a/usr.sbin/bhyve/bhyverun.c
+++ b/usr.sbin/bhyve/bhyverun.c
@@ -233,8 +233,8 @@ usage(int code)
 		"       -W: force virtio to use single-vector MSI\n"
 		"       -x: local apic is in x2APIC mode\n"
 		"       -Y: disable MPtable generation\n",
-		progname, (int)strlen(progname), "", (int)strlen(progname), "",
-		(int)strlen(progname), "");
+		progname, (int)strnlen(progname, PATH_MAX), "", (int)strnlen(progname, PATH_MAX), "",
+		(int)strnlen(progname, PATH_MAX), "");
 
 	exit(code);
 }
diff --git a/usr.sbin/bhyve/smbiostbl.c b/usr.sbin/bhyve/smbiostbl.c
index f9ee3adace24..27f960423755 100644
--- a/usr.sbin/bhyve/smbiostbl.c
+++ b/usr.sbin/bhyve/smbiostbl.c
@@ -558,7 +558,7 @@ smbios_generic_initializer(struct smbios_structure *template_entry,
 			int len;
 
 			string = template_strings[i];
-			len = strlen(string) + 1;
+			len = strnlen(string, SMBIOS_MAX_LENGTH) + 1;
 			memcpy(curaddr, string, len);
 			curaddr += len;
 		}
@@ -611,7 +611,7 @@ smbios_type1_initializer(struct smbios_structure *template_entry,
 			return (-1);
 
 		MD5Init(&mdctx);
-		MD5Update(&mdctx, vmname, strlen(vmname));
+		MD5Update(&mdctx, vmname, strnlen(vmname, PATH_MAX));
 		MD5Update(&mdctx, hostname, sizeof(hostname));
 		MD5Final(digest, &mdctx);
 
diff --git a/usr.sbin/bhyve/usb_mouse.c b/usr.sbin/bhyve/usb_mouse.c
index e61301207192..a81c9f8314f0 100644
--- a/usr.sbin/bhyve/usb_mouse.c
+++ b/usr.sbin/bhyve/usb_mouse.c
@@ -70,6 +70,7 @@ enum {
 	UMSTR_MAX
 };
 
+#define UMOUSE_DESC_MAX_LEN	32
 static const char *umouse_desc_strings[] = {
 	"\x04\x09",
 	"BHYVE",
@@ -441,7 +442,7 @@ umouse_request(void *scarg, struct usb_data_xfer *xfer)
 				goto done;
 			}
 
-			slen = 2 + strlen(str) * 2;
+			slen = 2 + strnlen(str, UMOUSE_DESC_MAX_LEN) * 2;
 			udata[0] = slen;
 			udata[1] = UDESC_STRING;