diff -rupN cryptsetup-2.0.3.old/lib/luks2/luks2_json_metadata.c cryptsetup-2.0.3/lib/luks2/luks2_json_metadata.c
--- cryptsetup-2.0.3.old/lib/luks2/luks2_json_metadata.c	2019-04-03 18:55:44.392182454 +0200
+++ cryptsetup-2.0.3/lib/luks2/luks2_json_metadata.c	2019-04-03 18:56:22.567106063 +0200
@@ -429,6 +429,7 @@ int LUKS2_token_validate(json_object *hd
 {
 	json_object *jarr, *jobj_keyslots;
 
+	/* keyslots are not yet validated, but we need to know token doesn't reference missing keyslot */
 	if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots))
 		return 1;
 
@@ -505,12 +506,57 @@ static int hdr_validate_tokens(json_obje
 	return 0;
 }
 
-static int hdr_validate_segments(json_object *hdr_jobj)
+static int hdr_validate_crypt_segment(json_object *jobj, const char *key, json_object *jobj_digests,
+	uint64_t offset, uint64_t size)
 {
-	json_object *jobj, *jobj_digests, *jobj_offset, *jobj_ivoffset,
-		    *jobj_length, *jobj_sector_size, *jobj_type, *jobj_integrity;
+	json_object *jobj_ivoffset, *jobj_sector_size, *jobj_integrity;
 	uint32_t sector_size;
-	uint64_t ivoffset, offset, length;
+	uint64_t ivoffset;
+
+	if (!(jobj_ivoffset = json_contains(jobj, key, "Segment", "iv_tweak", json_type_string)) ||
+	    !json_contains(jobj, key, "Segment", "encryption", json_type_string) ||
+	    !(jobj_sector_size = json_contains(jobj, key, "Segment", "sector_size", json_type_int)))
+		return 1;
+
+	/* integrity */
+	if (json_object_object_get_ex(jobj, "integrity", &jobj_integrity)) {
+		if (!json_contains(jobj, key, "Segment", "integrity", json_type_object) ||
+		    !json_contains(jobj_integrity, key, "Segment integrity", "type", json_type_string) ||
+		    !json_contains(jobj_integrity, key, "Segment integrity", "journal_encryption", json_type_string) ||
+		    !json_contains(jobj_integrity, key, "Segment integrity", "journal_integrity", json_type_string))
+			return 1;
+	}
+
+	/* enforce uint32_t type */
+	if (!validate_json_uint32(jobj_sector_size)) {
+		log_dbg("Illegal field \"sector_size\":%s.",
+			json_object_get_string(jobj_sector_size));
+		return 1;
+	}
+
+	sector_size = json_object_get_uint32(jobj_sector_size);
+	if (!sector_size || sector_size % SECTOR_SIZE) {
+		log_dbg("Illegal sector size: %" PRIu32, sector_size);
+		return 1;
+	}
+
+	if (!numbered("iv_tweak", json_object_get_string(jobj_ivoffset)) ||
+	    !json_str_to_uint64(jobj_ivoffset, &ivoffset))
+		return 1;
+
+	if (size % sector_size) {
+		log_dbg("Size field has to be aligned to sector size: %" PRIu32, sector_size);
+		return 1;
+	}
+
+	return !segment_has_digest(key, jobj_digests);
+}
+
+static int hdr_validate_segments(json_object *hdr_jobj)
+{
+	json_object *jobj, *jobj_digests, *jobj_offset, *jobj_size, *jobj_type, *jobj_flags;
+	int i;
+	uint64_t offset, size;
 
 	if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj)) {
 		log_dbg("Missing segments section.");
@@ -530,70 +576,46 @@ static int hdr_validate_segments(json_ob
 		if (!numbered("Segment", key))
 			return 1;
 
-		if (!json_contains(val, key, "Segment", "type", json_type_string) ||
+		/* those fields are mandatory for all segment types */
+		if (!(jobj_type =   json_contains(val, key, "Segment", "type",   json_type_string)) ||
 		    !(jobj_offset = json_contains(val, key, "Segment", "offset", json_type_string)) ||
-		    !(jobj_ivoffset = json_contains(val, key, "Segment", "iv_tweak", json_type_string)) ||
-		    !(jobj_length = json_contains(val, key, "Segment", "size", json_type_string)) ||
-		    !json_contains(val, key, "Segment", "encryption", json_type_string) ||
-		    !(jobj_sector_size = json_contains(val, key, "Segment", "sector_size", json_type_int)))
-			return 1;
-
-		/* integrity */
-		if (json_object_object_get_ex(val, "integrity", &jobj_integrity)) {
-			if (!json_contains(val, key, "Segment", "integrity", json_type_object) ||
-			    !json_contains(jobj_integrity, key, "Segment integrity", "type", json_type_string) ||
-			    !json_contains(jobj_integrity, key, "Segment integrity", "journal_encryption", json_type_string) ||
-			    !json_contains(jobj_integrity, key, "Segment integrity", "journal_integrity", json_type_string))
-				return 1;
-		}
-
-		/* enforce uint32_t type */
-		if (!validate_json_uint32(jobj_sector_size)) {
-			log_dbg("Illegal field \"sector_size\":%s.",
-				json_object_get_string(jobj_sector_size));
-			return 1;
-		}
-
-		sector_size = json_object_get_uint32(jobj_sector_size);
-		if (!sector_size || sector_size % 512) {
-			log_dbg("Illegal sector size: %" PRIu32, sector_size);
+		    !(jobj_size =   json_contains(val, key, "Segment", "size",   json_type_string)))
 			return 1;
-		}
 
 		if (!numbered("offset", json_object_get_string(jobj_offset)) ||
-		    !numbered("iv_tweak", json_object_get_string(jobj_ivoffset)))
+		    !json_str_to_uint64(jobj_offset, &offset))
 			return 1;
 
-		/* rule out values > UINT64_MAX */
-		if (!json_str_to_uint64(jobj_offset, &offset) ||
-		    !json_str_to_uint64(jobj_ivoffset, &ivoffset))
-			return 1;
+		/* size "dynamic" means whole device starting at 'offset' */
+		if (strcmp(json_object_get_string(jobj_size), "dynamic")) {
+			if (!numbered("size", json_object_get_string(jobj_size)) ||
+			    !json_str_to_uint64(jobj_size, &size) || !size)
+				return 1;
+		} else
+			size = 0;
 
-		if (offset % sector_size) {
-			log_dbg("Offset field has to be aligned to sector size: %" PRIu32, sector_size);
+		/* all device-mapper devices are aligned to 512 sector size */
+		if (offset % SECTOR_SIZE) {
+			log_dbg("Offset field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE);
 			return 1;
 		}
-
-		if (ivoffset % sector_size) {
-			log_dbg("IV offset field has to be aligned to sector size: %" PRIu32, sector_size);
+		if (size % SECTOR_SIZE) {
+			log_dbg("Size field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE);
 			return 1;
 		}
 
-		/* length "dynamic" means whole device starting at 'offset' */
-		if (strcmp(json_object_get_string(jobj_length), "dynamic")) {
-			if (!numbered("size", json_object_get_string(jobj_length)) ||
-			    !json_str_to_uint64(jobj_length, &length))
+		/* flags array is optional and must contain strings */
+		if (json_object_object_get_ex(val, "flags", NULL)) {
+			if (!(jobj_flags = json_contains(val, key, "Segment", "flags", json_type_array)))
 				return 1;
-
-			if (length % sector_size) {
-				log_dbg("Length field has to be aligned to sector size: %" PRIu32, sector_size);
-				return 1;
-			}
+			for (i = 0; i < (int) json_object_array_length(jobj_flags); i++)
+				if (!json_object_is_type(json_object_array_get_idx(jobj_flags, i), json_type_string))
+					return 1;
 		}
 
-		json_object_object_get_ex(val, "type", &jobj_type);
+		/* crypt */
 		if (!strcmp(json_object_get_string(jobj_type), "crypt") &&
-		    !segment_has_digest(key, jobj_digests))
+		    hdr_validate_crypt_segment(val, key, jobj_digests, offset, size))
 			return 1;
 	}
 
@@ -610,6 +632,7 @@ static int hdr_validate_areas(json_objec
 	if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots))
 		return 1;
 
+	/* segments are already validated */
 	if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments))
 		return 1;
 
@@ -674,11 +697,11 @@ static int hdr_validate_digests(json_obj
 		return 1;
 	}
 
-	/* keyslots should already be validated */
+	/* keyslots are not yet validated, but we need to know digest doesn't reference missing keyslot */
 	if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots))
 		return 1;
 
-	/* segments are not validated atm, but we need to know digest doesn't reference missing segment */
+	/* segments are not yet validated, but we need to know digest doesn't reference missing segment */
 	if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments))
 		return 1;
 
@@ -813,10 +836,10 @@ int LUKS2_hdr_validate(json_object *hdr_
 	struct {
 		int (*validate)(json_object *);
 	} checks[] = {
-		{ hdr_validate_keyslots },
 		{ hdr_validate_tokens   },
 		{ hdr_validate_digests  },
 		{ hdr_validate_segments },
+		{ hdr_validate_keyslots },
 		{ hdr_validate_areas    },
 		{ hdr_validate_config   },
 		{ NULL }