Unchecked FTP VMS date token overflows fixed-size buffer

While parsing VMS-style FTP directory listings, the code copies a date token into a fixed 32-byte stack buffer with strcpy() and immediately appends a space with strcat(). The token comes from server-controlled listing text and is only constrained by token length checks (< 12) for the individual date/time tokens, not by the accumulated contents of date_str. A crafted listing with a long or malformed date token sequence can overflow the stack buffer before strptime() is reached.