diff --git a/src/libmongoc/src/mongoc/mongoc-cyrus.c b/src/libmongoc/src/mongoc/mongoc-cyrus.c
index 265b2bb42d..9564f7f89b 100644
--- a/src/libmongoc/src/mongoc/mongoc-cyrus.c
+++ b/src/libmongoc/src/mongoc/mongoc-cyrus.c
@@ -112,10 +112,18 @@ _mongoc_cyrus_canon_user(sasl_conn_t *conn,
 BSON_UNUSED(sasl);
 BSON_UNUSED(flags);
 BSON_UNUSED(user_realm);
- BSON_UNUSED(out_max);
+
+ // `inlen` is a string length (excluding trailing NULL).
+ // Cyrus-SASL passes an `out` buffer of size `out_max + 1`. Assume `out_max` is the max to be safe.
+ if (inlen + 1 >= out_max) {
+ MONGOC_ERROR("SASL username too large");
+ return SASL_BUFOVER;
+ }

 TRACE("Canonicalizing %s (%" PRIu32 ")\n", in, inlen);
- strcpy(out, in);
+ // Use memmove in case buffers overlap. From Cyrus-SASL: "output buffers and the input buffers may be the same"
+ memmove(out, in, inlen);
+ out[inlen] = '\0';
 *out_len = inlen;
 return SASL_OK;
 }
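Review bot: The bound check `if (inlen + 1 >= out_max)` can wrap around. `inlen` appears to be a 32-bit unsigned value (it is printed with `PRIu32`; its declaration is outside the hunk), so at its maximum the left side becomes 0, the check passes for any non-zero `out_max`, and `memmove(out, in, inlen)` then copies far past the buffer. Keeping the arithmetic off the caller-supplied length gives the same conservative bound without the wrap: `if (out_max == 0 || inlen >= out_max - 1) {`. Separately, the `TRACE` line still formats `in` with `%s`, which depends on a NUL terminator that the new copy no longer relies on; `"%.*s"` with `(int) inlen` would be consistent with the length-based copy. The function's signature and opening lie outside the hunk, so the parameter types should be confirmed there.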