Much easier to fix the problem one level deeper. Just replace /bin/bash with this Perl script:
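#!/usr/bin/perl -w
# Taint mode (-T) is left off: with it, exec dies on the inherited PATH and arguments
use strict;
# Clean up environment: blank any value that starts with "() {" (a function definition)
s/^\(\) \{.*// for values %ENV;
# Now, exec bash with our name and our arguments:
# the block names the program to run, the first list element becomes argv[0]
exec { '/bin/bash.original' } $0, @ARGV;
die "cannot exec /bin/bash.original: $!\n";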
If you're looking at validating all environment variables, you'd need to know which environment variables are supposed to hold what kind of values. And for example LD_PRELOAD or LD_LIBRARY_PATH should be passed through verbatim (because if an attacker already has access to these, you can't even trust yourself).
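The prefix test the wrapper applies, exercised on a constructed environment block. This is an added example, not part of the original comment. The NUL-separated input layout (as in /proc/<pid>/environ), the names parse_environ and scrub, and all sample values are assumptions made for illustration.

```python
"""Added example: the wrapper's '() {' prefix filter run over a constructed environment."""
import re

# Same test as the Perl substitution: the value must begin with "() {".
# '.' does not match a newline, so only the first line of the value is blanked.
FUNC_PREFIX = re.compile(rb"^\(\) \{.*")

# Constructed sample, NUL-separated NAME=VALUE entries.
SAMPLE = (
    b"PATH=/usr/bin:/bin\0"
    b"greet=() { echo constructed; }\0"          # exported function: stripped
    b"LD_PRELOAD=/opt/example/libdemo.so\0"      # passed through verbatim
    b"NOTE=text with () { in the middle\0"       # prefix not at start: kept
    b"MULTI=() {\n echo constructed\n}\0"        # multi-line definition
)


def parse_environ(blob: bytes) -> dict:
    """Split a NUL-separated block into {name: value}; entries without '=' are skipped."""
    env = {}
    for entry in blob.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if sep and name:
            env[name] = value
    return env


def scrub(env: dict):
    """Return (cleaned_env, flagged_names) after blanking function-definition prefixes."""
    cleaned, flagged = {}, []
    for name, value in env.items():
        new_value = FUNC_PREFIX.sub(b"", value, count=1)
        if new_value != value:
            flagged.append(name)
        cleaned[name] = new_value
    return cleaned, sorted(flagged)


if __name__ == "__main__":
    cleaned, flagged = scrub(parse_environ(SAMPLE))
    print("flagged:", [n.decode() for n in flagged])
    for name, value in cleaned.items():
        print(name.decode(), "=", repr(value))
```

The multi-line case keeps its remaining lines, but the value no longer begins with "() {", which is the condition the filter targets.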