Report

wget ftp-ls VMS token parsing uses strcpy into fixed buffer (potential overflow)

3db5ef1d-5e1f-4b4d-ae7a-f6e6088b25ab

In [REDACTED], the VMS directory listing parser copies a token representing a date into a fixed-size stack buffer using strcpy(), without verifying that the token length fits the destination. Although there is a length check, strlen(tok)<12, the size of the destination buffer (date_str) is not validated here, so any mismatch or unexpected token formatting could lead to a stack buffer overflow. Exploitability depends on the sizing of date_str and on compilation settings, but the pattern is unsafe for attacker-controlled FTP listing output.
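The mismatch described above, as an added example that is not wget's code: a copy helper that bounds the token by the destination's own size instead of a literal, and rejects rather than truncates. The helper names, the sample token and the 12- and 8-byte buffer sizes are assumptions; the report does not state the real size of date_str.

```c
#include <stdio.h>
#include <string.h>

/* Literal used by the length check quoted in the report: strlen(tok)<12. */
#define CHECK_LIMIT 12

/* The check on its own: it knows nothing about the destination's size. */
static int passes_literal_check(const char *tok)
{
    return strlen(tok) < CHECK_LIMIT;
}

/* Hypothetical helper: copy tok into dst only if it fits with its NUL.
 * Returns 0 on success, -1 on rejection; dst is left empty on rejection
 * so callers never read stale or partial data. Never truncates. */
static int copy_token(char *dst, size_t dst_size, const char *tok)
{
    size_t len;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (tok == NULL)
        return -1;
    /* Bounded scan: stop at dst_size even if tok is longer than that. */
    for (len = 0; len < dst_size && tok[len] != '\0'; len++)
        ;
    if (len >= dst_size)
        return -1;
    memcpy(dst, tok, len + 1);      /* len + 1 <= dst_size, NUL included */
    return 0;
}

int main(void)
{
    /* Constructed token and buffer sizes, not taken from wget. */
    const char *tok = "12-JAN-2024";    /* 11 characters */
    char fits[12], small[8];

    printf("literal check: %d\n", passes_literal_check(tok));
    printf("12-byte dest:  %d\n", copy_token(fits, sizeof fits, tok));
    printf("8-byte dest:   %d\n", copy_token(small, sizeof small, tok));
    return 0;
}
```

The same token passes the literal check in both cases; only the check tied to sizeof on the destination rejects it for the smaller buffer.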
