diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c
index 44e1628664..ccbc147931 100644
--- a/src/basic/locale-util.c
+++ b/src/basic/locale-util.c
@@ -23,6 +23,7 @@
 #include "fd-util.h"
 #include "locale-util.h"
+#include "path-util.h"
 #include "set.h"
 #include "string-util.h"
 #include "strv.h"
diff --git a/src/basic/lockfile-util.c b/src/basic/lockfile-util.c
index e573dcb56f..6eee3009d8 100644
--- a/src/basic/lockfile-util.c
+++ b/src/basic/lockfile-util.c
@@ -30,6 +30,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "lockfile-util.h"
+#include "path-util.h"
 #include "util.h"
 int make_lock_file(const char *p, int operation, LockFile *ret) {
diff --git a/src/basic/path-util.c b/src/basic/path-util.c
index b1cab7356c..d581f85707 100644
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -723,3 +723,46 @@ char* dirname_malloc(const char *path) {
 return dir2;
 }
+
+bool filename_is_valid(const char *p) {
+ const char *e;
+
+ if (isempty(p))
+ return false;
+
+ if (streq(p, "."))
+ return false;
+
+ if (streq(p, ".."))
+ return false;
+
+ e = strchrnul(p, '/');
+ if (*e != 0)
+ return false;
+
+ if (e - p > FILENAME_MAX)
+ return false;
+
+ return true;
+}
+
+bool path_is_safe(const char *p) {
+
+ if (isempty(p))
+ return false;
+
+ if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
+ return false;
+
+ if (strlen(p)+1 > PATH_MAX)
+ return false;
+
+ /* The following two checks are not really dangerous, but hey, they still are confusing */
+ if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
+ return false;
+
+ if (strstr(p, "//"))
+ return false;
+
+ return true;
+}
diff --git a/src/basic/path-util.h b/src/basic/path-util.h
index 1ff47ab193..b2acca05fe 100644
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
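Review bot: In `filename_is_valid()` (src/basic/path-util.c hunk) the length check `if (e - p > FILENAME_MAX)` measures a single file name against FILENAME_MAX, which on glibc is 4096, the same value as PATH_MAX, so names far longer than the 255-byte NAME_MAX that most Linux file systems enforce are still reported as valid. The limit is carried over unchanged from the removed util.c version; comparing against the per-component limit, `if (e - p > NAME_MAX)`, would make the validator agree with what the kernel will accept. Separately, `path_is_safe()` carries no comment saying what "safe" covers: as written it rejects `.`/`..` components and `//` but returns true for absolute paths, so a short comment such as `/* Rejects ".." and non-normalized components only; absolute paths pass, so callers confining access to a directory must check that themselves */` would keep callers from over-trusting it.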
@@ -102,3 +102,6 @@ char *prefix_root(const char *root, const char *path);
 int parse_path_argument_and_warn(const char *path, bool suppress_root, char **arg);
 char* dirname_malloc(const char *path);
+
+bool filename_is_valid(const char *p) _pure_;
+bool path_is_safe(const char *p) _pure_;
diff --git a/src/basic/util.c b/src/basic/util.c
index 06fe307ba0..576c6238d6 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -1439,26 +1439,6 @@ bool in_initrd(void) {
 return saved;
 }
-bool filename_is_valid(const char *p) {
-
- if (isempty(p))
- return false;
-
- if (strchr(p, '/'))
- return false;
-
- if (streq(p, "."))
- return false;
-
- if (streq(p, ".."))
- return false;
-
- if (strlen(p) > FILENAME_MAX)
- return false;
-
- return true;
-}
-
 bool string_is_safe(const char *p) {
 const char *t;
@@ -1476,27 +1456,6 @@ bool string_is_safe(const char *p) {
 return true;
 }
-bool path_is_safe(const char *p) {
-
- if (isempty(p))
- return false;
-
- if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
- return false;
-
- if (strlen(p)+1 > PATH_MAX)
- return false;
-
- /* The following two checks are not really dangerous, but hey, they still are confusing */
- if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
- return false;
-
- if (strstr(p, "//"))
- return false;
-
- return true;
-}
-
 /* hey glibc, APIs with callbacks without a user pointer are so useless */
 void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size,
 int (*compar) (const void *, const void *, void *), void *arg) {
diff --git a/src/basic/util.h b/src/basic/util.h
index 9388ba7d74..f96b493d9d 100644
--- a/src/basic/util.h
+++ b/src/basic/util.h
@@ -303,8 +303,6 @@ _alloc_(2, 3) static inline void *memdup_multiply(const void *p, size_t a, size_
 return memdup(p, a * b);
 }
-bool filename_is_valid(const char *p) _pure_;
-bool path_is_safe(const char *p) _pure_;
 bool string_is_safe(const char *p) _pure_;
 /**
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index 8bff7d4b39..a42124288d 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -31,6 +31,7 @@
 #include "fileio-label.h"
 #include "hostname-util.h"
 #include "parse-util.h"
+#include "path-util.h"
 #include "selinux-util.h"
 #include "strv.h"
 #include "util.h"
diff --git a/src/import/pull-common.c b/src/import/pull-common.c
index f465154b1d..0e918d6416 100644
--- a/src/import/pull-common.c
+++ b/src/import/pull-common.c
@@ -27,6 +27,7 @@
 #include "escape.h"
 #include "fd-util.h"
 #include "io-util.h"
+#include "path-util.h"
 #include "process-util.h"
 #include "pull-common.h"
 #include "pull-job.h"
diff --git a/src/libsystemd/sd-login/sd-login.c b/src/libsystemd/sd-login/sd-login.c
index 05cba9651a..879838601c 100644
--- a/src/libsystemd/sd-login/sd-login.c
+++ b/src/libsystemd/sd-login/sd-login.c
@@ -37,6 +37,7 @@
 #include "login-util.h"
 #include "macro.h"
 #include "parse-util.h"
+#include "path-util.h"
 #include "socket-util.h"
 #include "string-util.h"
 #include "strv.h"
diff --git a/src/locale/localed.c b/src/locale/localed.c
index 73e25f0642..343399a62d 100644
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -30,20 +30,21 @@
 #include "sd-bus.h"
-#include "util.h"
-#include "mkdir.h"
-#include "strv.h"
-#include "def.h"
-#include "env-util.h"
-#include "fileio.h"
-#include "fileio-label.h"
-#include "bus-util.h"
 #include "bus-error.h"
 #include "bus-message.h"
+#include "bus-util.h"
+#include "def.h"
+#include "env-util.h"
 #include "event-util.h"
-#include "locale-util.h"
-#include "selinux-util.h"
 #include "fd-util.h"
+#include "fileio-label.h"
+#include "fileio.h"
+#include "locale-util.h"
+#include "mkdir.h"
+#include "path-util.h"
+#include "selinux-util.h"
+#include "strv.h"
+#include "util.h"
 enum {
 /* We don't list LC_ALL here on purpose. People should be
diff --git a/src/shared/dropin.c b/src/shared/dropin.c
index 1836e91acd..25400277ff 100644
--- a/src/shared/dropin.c
+++ b/src/shared/dropin.c
@@ -25,6 +25,7 @@
 #include "fd-util.h"
 #include "fileio-label.h"
 #include "mkdir.h"
+#include "path-util.h"
 #include "string-util.h"
 #include "strv.h"
 #include "util.h"
diff --git a/src/shared/import-util.c b/src/shared/import-util.c
index c4c66c847d..b50e86b944 100644
--- a/src/shared/import-util.c
+++ b/src/shared/import-util.c
@@ -20,9 +20,10 @@
 ***/
 #include "btrfs-util.h"
+#include "import-util.h"
+#include "path-util.h"
 #include "string-util.h"
 #include "util.h"
-#include "import-util.h"
 int import_url_last_component(const char *url, char **ret) {
 const char *e, *p;
diff --git a/src/test/test-util.c b/src/test/test-util.c
index 8e5860f0e4..109791163f 100644
--- a/src/test/test-util.c
+++ b/src/test/test-util.c
@@ -50,6 +50,7 @@
 #include "user-util.h"
 #include "util.h"
 #include "virt.h"
+#include "path-util.h"
 static void test_streq_ptr(void) {
 assert_se(streq_ptr(NULL, NULL));