You aren't checking if src or dst are null. You aren't checking the return value of sprintf() (though it would be very surprising for it to fail). The function doesn't indicate if it fails to convert the buffer to hex (e.g. src or dst null, not enough room in dst).
Using assert() rather than an unconditional test allows that test to be skipped in production code. If you're serious about buffer overruns and security, you're serious enough to always do the check.
I can't see anything else, but it's been a while since I've been immersed in low level C. It goes without saying that the function puts pressure on the callers to ensure that the sizes match the actual sizes of the buffers.
If srclen does include the '\0', you will have a "00" appended to dst.
[/quote]
Is that not what is desired? I'm not sure what your objection to the case where src includes a NUL character is?
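The points from the quoted review, as an added example that is not part of the original thread. The function under review is not shown here, so the name `buf_to_hex`, its signature with an explicit `dstlen`, and the 0 / -1 return convention are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical signature (assumption): the reviewed function is not shown.
 * Returns 0 on success, -1 if an argument is NULL or dst is too small. */
int buf_to_hex(const unsigned char *src, size_t srclen, char *dst, size_t dstlen)
{
    size_t i;

    /* Unconditional checks: unlike assert(), these survive -DNDEBUG builds. */
    if (src == NULL || dst == NULL)
        return -1;

    /* Need 2 chars per byte plus the terminator. Dividing dstlen instead of
     * multiplying srclen avoids size_t overflow for very large srclen. */
    if (dstlen == 0 || srclen > (dstlen - 1) / 2)
        return -1;

    for (i = 0; i < srclen; i++) {
        /* Bounded write, and the return value is checked. */
        int n = snprintf(dst + 2 * i, dstlen - 2 * i, "%02x",
                         (unsigned int)src[i]);
        if (n != 2) {
            dst[0] = '\0';      /* never hand back a half-written string */
            return -1;
        }
    }
    dst[2 * srclen] = '\0';     /* also covers srclen == 0 */
    return 0;
}

int main(void)
{
    char out[16];
    const char msg[] = "Hi";    /* constructed sample input */

    /* srclen excludes the terminator */
    if (buf_to_hex((const unsigned char *)msg, strlen(msg), out, sizeof out) == 0)
        printf("%s\n", out);
    /* srclen includes the terminator, so the NUL byte is encoded as "00" */
    if (buf_to_hex((const unsigned char *)msg, sizeof msg, out, sizeof out) == 0)
        printf("%s\n", out);
    return 0;
}
```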