Deprecated.
If this token is advertised by the server, its value is the maximum length of an IRC message. The value MUST NOT be less than 512.
Note that values greater than 512 are not compatible with all clients, and may cause various ill effects.
Servers MUST reject lines which are longer than the advertised value, and MUST NOT forward lines which are longer than the advertised value.
Clients SHOULD support LINELEN up to at least 8192, SHOULD support arbitrarily high LINELEN, and SHOULD allow the user to configure any limits. Clients MUST handle receiving a line which exceeds the LINELEN securely, normally by terminating the connection if a line is unable to fit in the buffer.
Clients are tested up to 64KB for a full ✅; with extensions and/or up to 8KB for a ☑️; and for secure behavior when a line is too long for a 🚫. Clients which may be vulnerable to command injection or buffer overflow are denoted with a 🔥.
Note that most clients, even those with a green mark in this table, are broken and will allow command injection beyond some length (64KB for irssi, for example).
| Client | Rx | Tx | |
|---|---|---|---|
| irssi | ✅ | ☑️ | Need module for sending Source, Builds. interprets bytes past 64KB as a new line Source |
| soju | ✅ | ✅ | |
| gamja | ✅ | ✅ | |
| netcat | ✅ | ✅ | make sure to stty -icanon first |
| weechat | ✅ | ☑️ | sending <4KB but makes CPU go brr |
| biboumi | ✅ | 🚫 | |
| kiwiirc | ✅ | 🚫 | |
| mIRC | ✅ | 🚫 | |
| Textual | ✅ | 🚫 | |
| HexChat | ✅ | 🚫 | |
| Quassel | ✅ | 🚫 | |
| KVIrc | ✅ | 🚫 | |
| irccloud | ☑️ | 🚫 | terminates the connection if it receives >8880B |
| znc | 🚫 | 🚫 | terminates the connection if it receives >2KB Source, Issue |
| sic | 🔥 | 🚫 | interprets bytes past 4KB as a new line Source although impact is minimal due to the lack of features |
If the maximum LINELEN value is not limited by the client, a malicious server could cause the IRC client to run out of memory.
If the client does not support LINELEN and does not have sufficient bounds checks, a command injection or even remote-client-exploitable buffer overflow may result. In particular, a command injection (allowing the attacker to masquerade as a server) exposes significantly more complexity and thus in practice more vulnerabilities to an attacker.
If the client does not support LINELEN and has sufficient bounds checks, it should normally terminate the connection and/or process.
In some cases, terminating the connection for a line which the client is unable to parse may constitute an unacceptable denial of service; for those clients, it may be preferable to take some other action when certain commands are too long, for example truncating a PRIVMSG body. If this is done, the next packet(s) received MUST be discarded until the next occurrence of a line terminator. The remainder of the line which has been truncated MUST NOT be parsed as a new command.