Unchecked VMS date token copy can overflow a fixed buffer in ftp listing parsing

While parsing VMS directory listings, the parser copies a date token into a fixed 32-byte local buffer with strcpy() and then appends a space with strcat(). The token is only length-bounded by strlen(tok) < 12, which is not enough to guarantee the accumulated date string stays within date_str when malformed or repeated token combinations occur. This is a classic stack buffer overflow surface in an input parser that consumes attacker-controlled FTP directory listings.