diff --git a/changes/bug17722 b/changes/bug17722
new file mode 100644
index 0000000000..1b18d4af2b
--- /dev/null
+++ b/changes/bug17722
@@ -0,0 +1,3 @@
+ o Minor bugfixes (code correctness)
+ - Fix undefined behavior in the tor_cert_checksig function. Fixes bug
+ 17722; bugfix on tor-0.2.7.2-alpha.
diff --git a/src/or/torcert.c b/src/or/torcert.c
index 596cd2be31..ef5b4c0c3b 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -206,7 +206,11 @@ tor_cert_checksig(tor_cert_t *cert,
 return -1;
 } else {
 cert->sig_ok = 1;
- memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, 32);
+ /* Only copy the checkable public key when it is different from the signing
+ * key of the certificate to avoid undefined behavior. */
+ if (cert->signing_key.pubkey != checkable.pubkey->pubkey) {
+ memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, 32);
+ }
 cert->cert_valid = 1;
 return 0;
 }
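Review bot: The comment added above the new `if` says only "undefined behavior" without naming it: memcpy() requires that source and destination do not overlap, and the guard skips the copy when both pointers are the same buffer. Spelling that out, e.g. `/* memcpy() with identical src and dst is undefined; skip the copy when the checked key already is cert->signing_key. */`, tells the next reader why the branch must stay. The re-added copy also keeps the literal `32`; `sizeof(cert->signing_key.pubkey)` (assuming pubkey is an array member, which the hunk does not show) would tie the length to the destination key buffer. tor_cert_checksig starts and ends outside the hunk, so the condition under which the two pointers alias is inferred rather than visible here.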