From: Jan Engelhardt <jengelh@inai.de>
Date: 2014-09-30 15:15:52.645631792 +0200
X-Status: fixes an upstream issue

Shells generally only allow setting environment variables whose keys
are of the form /^[A-Z_][A-Z0-9_]/i. Exporting anything else is going
to end in disaster (sh throwing syntax errors).

---
 at.c |   24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

Index: at-3.1.14/at.c
===================================================================
--- at-3.1.14.orig/at.c
+++ at-3.1.14/at.c
@@ -225,6 +225,23 @@ nextjob()
     return jobno;
 }
 
+/**
+ * @s:	string in the form of "key=value" and \0-terminated
+ * @n:	length of key portion
+ */
+static bool legit_key(const char *s, size_t n)
+{
+	/* First char has extra restrictions: must not be a digit */
+	if (!isalpha(*s) && *s != '_')
+		return false;
+	for (; n-- > 0; ++s) {
+		if (!isalnum(*s) && *s != '_')
+			return false;
+		++s;
+	}
+	return true;
+}
+
 static void
 writefile(time_t runtimer, char queue)
 {
@@ -403,7 +420,10 @@ writefile(time_t runtimer, char queue)
 	    eqp++;
 	}
 
-	if (export) {
+	if (!export || !legit_key(*atenv, eqp - *atenv)) {
+	    continue;
+	}
+
 	    fwrite(*atenv, sizeof(char), eqp - *atenv, fp);
 	    for (ap = eqp; *ap != '\0'; ap++) {
 		if (*ap == '\n')
@@ -439,7 +459,6 @@ writefile(time_t runtimer, char queue)
 	    fwrite(*atenv, sizeof(char), eqp - *atenv - 1, fp);
 	    fputc('\n', fp);
 
-	}
     }
     /* Cd to the directory at the time and write out all the
      * commands the user supplies from stdin.