Wget VMS FTP listing parser stack overflow via cumulative date_str concatenation

The VMS FTP listing parser in [REDACTED] stores a timestamp in a fixed 32-byte stack buffer named date_str. It copies the first date token with strcpy(date_str, tok), appends a space with strcat(date_str, " "), and later appends time tokens with strncat. The code only checks that each token is individually shorter than 12 bytes, but it never checks the total accumulated length. A malicious FTP LIST response can therefore overflow date_str by providing enough date/time fragments.