FTP listing parser stack overflow in date_str assembly

GNU Wget's VMS FTP directory listing parser copies attacker-controlled tokens from the server response into a fixed-size stack buffer while reconstructing the date/time field. The date token is copied with strcpy and then a space is appended with strcat, with no check that the token plus separator fit in the destination.