I'm not good at English. If you can't catch what I say, please see the attached patch. This doesn't have to meet 0.9.1, but may affect performance.
modules/ftp/ftp_message.c line 53: strncpy(outptr, time_str, outlen); if (outlen > APR_CTIME_LEN - 1) { *(outptr + APR_CTIME_LEN - 1) = '\0'; } When the condition is true, outptr has been NULL-terminated by strncpy. I thought it should be "outlen < APR_CTIME_LEN"... But though outptr hasn't when the condition is false, line 109: outptr[outlen - 1] = '\0'; will NULL-terminate. So this if block is useless. Moreover, strncpy fills '\0'. outlen is often BUFSIZ, which is very large number. apr_cpystrn is better.
Index: modules/ftp/ftp_message.c =================================================================== --- modules/ftp/ftp_message.c (revision 605569) +++ modules/ftp/ftp_message.c (working copy) @@ -50,10 +50,7 @@ switch(*++inptr) { case 'T': apr_ctime(time_str, apr_time_now()); - strncpy(outptr, time_str, outlen); - if (outlen > APR_CTIME_LEN - 1) { - *(outptr + APR_CTIME_LEN - 1) = '\0'; - } + apr_cpystrn(outptr, time_str, outlen); break; case 'C': apr_snprintf(outptr, outlen, "%s", fc->cwd);