Yes, you are correct that we are copying one more byte to the buffer than we are testing for. Thanks for catching the bug! In practice, this isn't a problem because the kernel always allocates a full page to pass to the /proc read function. The solution isn't to test for a larger buffer, though - we don't want to copy the null terminating byte to userspace. Instead, we'll use strncpy to avoid copying the terminating byte.
* We know the buffer is big enough to hold the string. Don't
* copy the terminating '\0' - this is file output, not
* another C string.
strncpy(buffer, hello_str, len);