diff --git a/TODO.md b/TODO.md
index b0dde18f..2ce52c00 100644
--- a/TODO.md
+++ b/TODO.md
@@ -4,7 +4,6 @@
 - Implement server-side drops on non-BB game versions
 - Find a way to silence audio in RunDOL.s
 - Implement private and overflow lobbies
-- Enforce client-side size limits (e.g. for 60/62 commands) on the server side as well
 - Encapsulate BB server-side random state and make replays deterministic
 - Implement character and inventory replacement for battle and challenge modes
 - Implement choice search
diff --git a/src/ReceiveCommands.cc b/src/ReceiveCommands.cc
index deacc45a..4d81088f 100644
--- a/src/ReceiveCommands.cc
+++ b/src/ReceiveCommands.cc
@@ -2660,6 +2660,9 @@ static void on_61_98(shared_ptr<Client> c, uint16_t command, uint32_t flag, cons
 
 static void on_6x_C9_CB(shared_ptr<Client> c, uint16_t command, uint32_t flag, const string& data) {
   check_size_v(data.size(), 4, 0xFFFF);
+  if ((data.size() > 0x400) && (command != 0x6C) && (command != 0x6D)) {
+    throw runtime_error("non-extended game command data size is too large");
+  }
   on_subcommand_multi(c, command, flag, data);
 }