Report
wget ftp-ls.c: potential stack buffer overflow via date_str strcpy/strcat
a813e30a-4015-4705-abdb-438446babd2e
In wget's src/ftp-ls.c, the VMS FTP LIST parser accumulates a date string into a fixed-size stack buffer, char date_str[32], using strcpy(date_str, tok) and strcat(date_str, " ") without bounds checks. The token tok comes from strtok() over attacker-controlled server output, and the code only checks strlen(tok) < 12, which is insufficient once combined with additional appended characters (e.g., the subsequent time token is appended to date_str via strncat, which assumes the earlier concatenation fit). This can lead to a stack-based buffer overflow or corruption of adjacent memory when crafted server listing lines are processed.
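A bounds-checked way to accumulate the date and time tokens, where every append is checked against the remaining capacity instead of relying on an earlier length check. This is an added example, not wget's code; build_date_str and append_bounded are hypothetical names, and the sample tokens are constructed.

```c
#include <stdio.h>
#include <string.h>

#define DATE_STR_SIZE 32 /* size of date_str as given in the report */

/* Append src to the NUL-terminated string in dst (capacity cap bytes).
   Returns 0 on success, -1 if src plus the NUL would not fit; dst is
   left unchanged on failure, so nothing is silently truncated. */
static int append_bounded(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(dst, '\0', cap);
    size_t used, need = strlen(src);

    if (end == NULL)            /* dst not terminated within cap */
        return -1;
    used = (size_t)(end - dst);
    if (need >= cap - used)     /* no room for src and its NUL */
        return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Hypothetical helper: build "<date> <time>" from two listing tokens.
   Returns 0 on success, -1 if a token is missing or does not fit. */
int build_date_str(char out[DATE_STR_SIZE], const char *date_tok,
                   const char *time_tok)
{
    out[0] = '\0';
    if (date_tok == NULL || time_tok == NULL)
        return -1;
    if (append_bounded(out, DATE_STR_SIZE, date_tok) != 0 ||
        append_bounded(out, DATE_STR_SIZE, " ") != 0 ||
        append_bounded(out, DATE_STR_SIZE, time_tok) != 0) {
        out[0] = '\0';          /* reject the line, keep no partial date */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[DATE_STR_SIZE];
    /* Constructed tokens, not taken from a real server listing. */
    int ok = build_date_str(buf, "18-JUN-2014", "10:21:04");
    printf("%d \"%s\"\n", ok, buf);
    ok = build_date_str(buf, "18-JUN-2014", "10:21:04.00000000000000000000");
    printf("%d \"%s\"\n", ok, buf);
    return 0;
}
```

Rejecting an oversized token outright, rather than truncating it, keeps a malformed listing line from producing a partial date that later parsing would treat as valid.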