wget ftp VMS ls parsing: strcpy into fixed-size date_str without length check

In [REDACTED], [REDACTED] parses VMS directory listings using strtok tokens from remote-controlled FTP LIST output. When a token looks like a date (strlen(tok)<12 and contains '-'), it copies it into a fixed 32-byte stack buffer date_str via strcpy(date_str, tok) and then appends a space via strcat(date_str, " "). The length check is ineffective because strlen(tok) < 12 does not guarantee the resulting concatenated string fits within 32 bytes across all control-flow paths (and future code changes or different token formats can break invariants). More importantly, using unbounded strcpy/strcat on attacker-influenced token content is a classic stack buffer overflow risk in a parser for untrusted input.